[vlc-devel] CVE-2009-1045 VLC 0.9.8a DoS (crash) and possibly arbitrary code execution
Jean-Baptiste Kempf
jb at videolan.org
Tue Mar 24 22:56:37 CET 2009
Hello,
On Tue, Mar 24, 2009 at 06:26:02PM +0100, Ján iankko Lieskovský wrote :
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1045
>
> Checked it affects VLC 0.9.8a (but didn't try the latest git version).
>
> PoC is available here: http://www.milw0rm.com/exploits/8213
>
> Could you please address this flaw?
This was already addressed in :
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=abc867adb981772703c5d33711736f531a4551b4
> P.S.: Is there some dedicated e-mail address to report potential security issues in VLC other
> from this one?
videolan@ or security@
Best Regards,
--
Jean-Baptiste Kempf
http://www.jbkempf.com/
More information about the vlc-devel
mailing list