[vlc-devel] [LATTE] Re: commit: Fix sscanf overflow

Rémi Denis-Courmont rdenis at simphalempin.com
Thu Nov 6 12:39:40 CET 2008


On Wed,  5 Nov 2008 21:38:15 +0100 (CET), git at videolan.org (git version
control) wrote:
> vlc | branch: 0.9-bugfix | Rémi Denis-Courmont <rdenis at simphalempin.com> | Wed Nov  5 22:04:56 2008 +0200 | [e3cef651125701a2e33a8d75b815b3e39681a447]
> | committer: Rémi Denis-Courmont
> 
> Fix sscanf overflow

I have to say I am pretty pissed off that this sort of UTTERLY STUPID
BRAIN-DAMAGED CRAP can still get committed.

The CUE bug is obvious, but not completely obvious. It's rather old code
from 2002. At that time, it seems that nobody cared about vulnerabilities
in this project [1] and most of the currently active developers were not
even involved yet.

[1] http://mailman.videolan.org/pipermail/vlc-devel/2003-October/008484.html

But this subtitle bug! That is not even a year old. And it's blatantly
_OBVIOUS_: reading an arbitrary sized input into a fixed size buffer. And
it's trivially exploitable: stack-based buffer overflow.

Seriously. We have now way more advisories than Wireshark this year.

-- 
Rémi Denis-Courmont
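The bug class the mail describes (an unbounded `%s` conversion into a fixed-size stack buffer) and the corresponding fix are shown below as an added example. This is not VLC's code and not the patched subtitle or CUE parser; the line format, the buffer size and the function names are hypothetical, chosen only to illustrate the pattern and the check a reviewer would want.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32   /* hypothetical fixed-size field, including the terminating NUL */

/*
 * The vulnerable shape (shown as a comment only; never call it on untrusted input):
 *
 *     char name[NAME_MAX];
 *     sscanf(line, "%s", name);
 *
 * "%s" without a field width copies every non-whitespace byte from the input,
 * however long, into the 32-byte buffer: a classic stack-based overflow.
 */

/*
 * Hardened parse: the field width (31) is one less than the buffer size so the
 * NUL always fits, and "%n" records how far sscanf got so we can tell whether
 * the token was silently truncated. Returns 1 when a complete token was read
 * into out, 0 when the token is missing or longer than the buffer allows.
 */
int parse_name(const char *line, char out[NAME_MAX])
{
    int consumed = 0;

    /* width 31 must match NAME_MAX - 1; keep the two in sync when editing */
    if (sscanf(line, "%31s%n", out, &consumed) != 1)
        return 0;

    /* If the token filled the buffer and the input continues with another
     * non-space byte, the real token was longer than 31 chars: reject it
     * rather than hand a truncated value to the caller. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return 0;

    return 1;
}

/* Small wrappers so the behaviour can be checked on constructed input. */
int accepts(const char *line)
{
    char buf[NAME_MAX];
    return parse_name(line, buf);
}

int parsed_len(const char *line)
{
    char buf[NAME_MAX];
    if (!parse_name(line, buf))
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    /* constructed sample lines, not data from any real subtitle or cue file */
    const char *ok   = "hello world";
    const char *long_tok = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* 40 chars */

    printf("\"%s\" -> %s (len %d)\n", ok, accepts(ok) ? "accepted" : "rejected", parsed_len(ok));
    printf("40-char token -> %s\n", accepts(long_tok) ? "accepted" : "rejected");
    return 0;
}
```

The width specifier alone stops the overflow; the `%n` check is what turns a silent truncation into a detectable parse failure, which is the behaviour a file parser should have when it meets input longer than its format allows.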
