CVE-2009-1045

Publication date 23 March 2009

Last updated 24 July 2024


Ubuntu priority

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
vlc 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Fixed 0.9.4-1ubuntu3.2
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

PoC: http://www.milw0rm.com/exploits/8213

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
vlc