Test ID:	1.3.6.1.4.1.25623.1.1.10.2013.0241
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2013-0241)
Summary:	The remote host is missing an update for the 'vlc' package(s) announced via the MGASA-2013-0241 advisory.
Description:	Summary: The remote host is missing an update for the 'vlc' package(s) announced via the MGASA-2013-0241 advisory. Vulnerability Insight: 2.0.8 Demux: * sgimb: use after free (fixes #8724 [link moved to references] ) * Improve resistance and checking against malformed MKV files (Check element size before reading it. This should avoid integer overflows inside the libebml causing heap buffer overflow. Since new called by the lib is limited to SIZE_MAX bytes.) Access: * qtsound: fix crash when freeing memory 2.0.7 Input: * Fix memory exhaustion vulnerability when playing specifically crafted playlist files. (stream_ReadLine: correctly return an error on overflow fixes #7361 [link moved to references] ) HTTP Interface: * lua http: Fix two xss vulnerabilities (CVE-2013-3565) Affected Software/OS: 'vlc' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3565 http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881 http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html http://www.videolan.org/developers/vlc-branch/NEWS https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.