FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- invalid id3v2 tags may lead to invalid memory dereferencing

Affected packages
0.9.0,3 < vlc < 1.1.2_1,3

Details

VuXML ID e7d91a3c-a7c9-11df-870c-00242b513d7c
Discovery 2010-07-29
Entry 2010-08-14

VideoLAN project reports:

VLC fails to perform sufficient input validation when trying to extract some meta-informations about input media through ID3v2 tags. In the failure case, VLC attempt dereference an invalid memory address, and a crash will ensure.

References

CVE Name CVE-2010-2937
URL http://www.videolan.org/security/sa1004.html