-
This patch resolves two heap corruption vulnerabilities in the CDG decoder for VLC media player. In both cases, a failure to properly validate indexes into statically-sized arrays on the heap could allow a maliciously crafted CDG video to corrupt the heap in a controlled manner, potentially leading to code execution. The patch is against v1.1.5 from vlc git, but this decoder hasn't been touched in awhile, so I'd expect it to cleanly apply to older versions. I've tested it and confirmed it resolves the heap corruption issues and does not break functionality. (...) Signed-off-by:Rémi Denis-Courmont <remi@remlab.net>
f9b664ea
