Forum Thread: Secunia Advisory SA51995 for VLC Media Player ASF Processing Buff...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
VideoLAN
And, this specific program:
VLC Media Player 2.x

This thread has been marked as locked.
gregorio2 Secunia Advisory SA51995 for VLC Media Player ASF Processing Buffer Overflow Vulnerability
Member 6th Apr, 2013 13:20
Ranking: 2
Posts: 14
User Since: 20th Jan, 2009
System Score: N/A
Location: US
Last edited on 6th Apr, 2013 13:23

Secunia Advisory SA51995 for VLC Media Player ASF Processing Buffer Overflow Vulnerability is not showing up in Online References section of Additional Information pop-up for this program.
Advisory states it affects version 2.0.5.0 yet scan says this version of program is patched.
I am using PSI version 2.0.0.3003.
I only discovered this vulnerability by going to Advisories by product and looking at latest list.
(List for 2013)
http://secunia.com/advisories/product/39838/?task=...

What gives? You put out a advisory you rate as highly critical but do not really get it out?
How is your database updated or is it broken? SA released 2013-01-30, over two months ago.
Please, can a Secunia Official post an answer?

PS: Link information on VideoLan
It seems they have not put up a link for sa1302 on their main security page and that is why I am posting it here.
http://www.videolan.org/security/sa1302.html

They say fix was made 17 Jan 2013 in up coming version 2.0.6.0 but are still working on other fixes going into 2.0.6.0

This is from above page:
Workarounds
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Alternatively, the ASF demuxer (libasf_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent ASF movie playback.

This user no longer exists RE: Secunia Advisory SA51995 for VLC Media Player ASF Processing Buffer Overflow Vulnerability
Secunia Official 8th Apr, 2013 12:00
Are you by any chance referring to the Secure Browsing page in PSI 2?
Since the advisory for SA51995 has the solution status of unpatched it will only show up on the Secure Browsing page, not on the Scan Results page. However, the Secure Browsing page currently shows SA51464. If or when that advisory changes solution status to patched, SA51995 should show up.
klausus02 RE: Secunia Advisory SA51995 for VLC Media Player ASF Processing Buffer Overflow Vulnerability
Member 11th Apr, 2013 19:08
Score: 89
Posts: 144
User Since: 4th Feb 2011
System Score: N/A
Location: DE
@ E.Jeppesen

... may I use this opportunity to remember the thread:

http://secunia.com/community/forum/thread/show/136... ?

On 5th Feb 2013 I posted some findings about the possible solution status of SA51464. Am I right in assuming that my line of arguments is not sufficient to regard SA51464 as fixed?




Was this reply relevant?
+0
-0
This user no longer exists RE: Secunia Advisory SA51995 for VLC Media Player ASF Processing Buffer Overflow Vulnerability
Secunia Official 12th Apr, 2013 09:47
@klausus02
As already mentioned in the thread, I have no further information than what I have previously supplied. I will update the thread if I should receive any.

This thread has been marked as locked.