• Dan Rosenberg's avatar
    Fix heap overflows in CDG decoder · f9b664ea
    Dan Rosenberg authored
    This patch resolves two heap corruption vulnerabilities in the CDG
    decoder for VLC media player.  In both cases, a failure to properly
    validate indexes into statically-sized arrays on the heap could allow a
    maliciously crafted CDG video to corrupt the heap in a controlled
    manner, potentially leading to code execution.
    
    The patch is against v1.1.5 from vlc git, but this decoder hasn't been
    touched in awhile, so I'd expect it to cleanly apply to older versions.
    I've tested it and confirmed it resolves the heap corruption issues and
    does not break functionality.
    
    (...)
    Signed-off-by: default avatarRémi Denis-Courmont <remi@remlab.net>
    f9b664ea
cdg.c 13.1 KB