FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- format string vulnerability and integer overflow

Affected packages
vlc < 0.8.6c


VuXML ID 7128fb45-2633-11dc-94da-0016179b2dd5
Discovery 2007-06-05
Entry 2007-06-18
Modified 2010-05-12

isecpartners reports:

VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized variable, and one integer overflow in sampling frequency calculations.


CVE Name CVE-2007-3316
CVE Name CVE-2007-3467
CVE Name CVE-2007-3468