SecuritySpace - CVE-2014-9628

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-9628

Description: The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.

Test IDs: 1.3.6.1.4.1.25623.1.0.703150

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-9628
http://openwall.com/lists/oss-security/2015/01/20/5
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39

CVE ID:	CVE-2014-9628
Description:	The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
Test IDs:	1.3.6.1.4.1.25623.1.0.703150
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9628 http://openwall.com/lists/oss-security/2015/01/20/5 https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39