Debian DSA-1332-1 : vlc - several vulnerabilities

high Nessus Plugin ID 25695

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2007-3316 David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code.

- CVE-2007-3467 David Thiel discovered an integer overflow in the WAV processing code.

This update also fixes several crashes, which can be triggered through malformed media files.

Solution

Upgrade the vlc packages.

For the oldstable distribution (sarge) these problems have been fixed in version 0.8.1.svn20050314-1sarge3. Packages for the powerpc architecture are not yet available. They will be provided later.

For the stable distribution (etch) these problems have been fixed in version 0.8.6-svn20061012.debian-5etch1.

Plugin Details

Severity: High

ID: 25695

File Name: debian_DSA-1332.nasl

Version: 1.20

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 7/11/2007

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:vlc, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/9/2007

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3316, CVE-2007-3467, CVE-2007-3468

DSA: 1332

Detections

Analytics