[vlc-devel] CVE-2009-1045 VLC 0.9.8a DoS (crash) and possibly arbitrary code execution

Steven M. Christey coley at linus.mitre.org
Wed Mar 25 00:43:39 CET 2009

Apologies, below is the CVE as currently modified.

Name: CVE-2009-1045
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1045
Reference: MILW0RM:8213
Reference: URL:http://www.milw0rm.com/exploits/8213
Reference: MLIST:[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat
Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/17/4
Reference: MISC:http://bugs.gentoo.org/show_bug.cgi?id=262708
Reference: XF:vlcmediaplayer-web-status-bo(49249)
Reference: URL:http://xforce.iss.net/xforce/xfdb/49249

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
denial of service (stack consumption and crash) via a long input
argument in an in_play action.
