
Test ID: 1.3.6.1.4.1.25623.1.1.10.2015.0053
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0053)
Summary: The remote host is missing an update for the 'vlc' package(s) announced via the MGASA-2015-0053 advisory.
Description:
Summary:
The remote host is missing an update for the 'vlc' package(s) announced via the MGASA-2015-0053 advisory.

Vulnerability Insight:
Updated vlc packages fix security vulnerabilities:

On 32-bit builds, parsing of update status files with a size of 4294967295
or more led to an integer truncation caused by a cast to size_t in a call to
malloc and a subsequent buffer overflow. This happened prior to checking the
files' signature (CVE-2014-9625).

The MP4 demuxer, when parsing string boxes, did not properly check the length
of the box, leading to a possible integer underflow when using this length
value in a call to memcpy(). This could allow remote attackers to cause a
denial of service (crash) or arbitrary code execution via crafted MP4 files
(CVE-2014-9626).

The MP4 demuxer, when parsing string boxes, did not properly check that the
conversion of the box length from 64bit integer to 32bit integer on 32bit
platforms did not cause a truncation, leading to a possible buffer overflow.
This could allow remote attackers to cause a denial of service (crash) or
arbitrary code execution via crafted MP4 files (CVE-2014-9627).

The MP4 demuxer, when parsing string boxes, did not properly check the length
of the box, leading to a possible buffer overflow. This could allow remote
attackers to cause a denial of service (crash) or arbitrary code execution
via crafted MP4 files (CVE-2014-9628).

The Dirac and Schroedinger encoders did not properly check for an integer
overflow on 32bit platforms, leading to a possible buffer overflow. This
could allow remote attackers to cause a denial of service (crash) or
arbitrary code execution (CVE-2014-9629).

When streaming ogg-files via rtp, an ogg-file can trigger an invalid memory
write access using an overly long 'configuration' string, which causes an
attempted stack allocation with an attacker-controlled size (CVE-2014-9630).

Affected Software/OS:
'vlc' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2014-9625
http://openwall.com/lists/oss-security/2015/01/20/5
https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
Common Vulnerability Exposure (CVE) ID: CVE-2014-9626
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
Common Vulnerability Exposure (CVE) ID: CVE-2014-9627
Common Vulnerability Exposure (CVE) ID: CVE-2014-9628
Common Vulnerability Exposure (CVE) ID: CVE-2014-9629
https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
Common Vulnerability Exposure (CVE) ID: CVE-2014-9630
https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.