Bug 53635 – vlc: Multiple issues (4.4)

Bug 53635 - vlc: Multiple issues (4.4)


Summary:	vlc: Multiple issues (4.4)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.4
Hardware:	All Linux

Importance:	P3 normal (vote)
Target Milestone:	UCS 4.4-8-errata
Assigned To:	Quality Assurance
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-08-09 11:11 CEST by Quality Assurance
Modified:	2021-08-11 16:48 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) NVD

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2021-08-09 11:11:59 CEST

New Debian vlc 3.0.11-0+deb9u2 fixes:
This update addresses the following issues:
* A buffer overflow vulnerability in the __Parse_indx component of VideoLAN  VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via  a crafted .avi file. (CVE-2021-25801)
* A buffer overflow vulnerability in the AVI_ExtractSubtitle component of  VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds  read via a crafted .avi file. (CVE-2021-25802)
* A buffer overflow vulnerability in the vlc_input_attachment_New component  of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an  out-of-bounds read via a crafted .avi file. (CVE-2021-25803)
* A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player  3.0.11 can a denial of service (DOS) in the application. (CVE-2021-25804)

Comment 1 Quality Assurance

2021-08-09 12:00:19 CEST

--- mirror/ftp/4.4/unmaintained/4.4-5/source/vlc_3.0.11-0+deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-8/source/vlc_3.0.11-0+deb9u2.dsc
@@ -1,3 +1,17 @@
+3.0.11-0+deb9u2 [Tue, 03 Aug 2021 13:53:11 +0100] Chris Lamb <lamby@debian.org>:
+
+  * CVE-2021-25801: A buffer overflow vulnerability in the __Parse_indx
+    component allowed attackers to cause an out-of-bounds read via a crafted
+    .avi file.
+  * CVE-2021-25802: A buffer overflow vulnerability in the AVI_ExtractSubtitle
+    component could have allowed attackers to cause an out-of-bounds read via a
+    crafted .avi file.
+  * CVE-2021-25803: A buffer overflow vulnerability in the
+    vlc_input_attachment_New component allowed attackers to cause an
+    out-of-bounds read via a specially-crafted .avi file.
+  * CVE-2021-25804: A NULL-pointer dereference in "Open" in avi.c can result in
+    a denial of service (DoS) vulnerability.
+
 3.0.11-0+deb9u1 [Mon, 15 Jun 2020 23:12:02 +0200] Sebastian Ramacher <sramacher@debian.org>:
 
   * New upstream release

<http://piuparts.knut.univention.de/4.4-8/#4033823145912759852>

Comment 2 Philipp Hahn

2021-08-09 15:33:13 CEST

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] a072eb3bf3 Bug #53635: vlc 3.0.11-0+deb9u2
 doc/errata/staging/vlc.yaml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

[4.4-8] c11b2f4a53 Bug #53635: vlc 3.0.11-0+deb9u2
 doc/errata/staging/vlc.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

Comment 3 Philipp Hahn

2021-08-11 16:48:32 CEST

<https://errata.software-univention.de/#/?erratum=4.4x1026>