Bug 88825

Summary: SEGFAULT in VLC due to crash in fribidi
Product: FriBidi Reporter: FuzzDragon <fuzzdragon1337>
Component: bidiAssignee: Behdad Esfahbod <freedesktop>
Status: NEW --- QA Contact:
Severity: critical    
Priority: high CC: freedesktop, fuzzdragon1337
Version: unspecified   
Hardware: All   
OS: All   
URL: https://car-online.fr:444/files/.vlc_report/.crashes/VLC-Mac/1416903622.458407.2/
Whiteboard:
i915 platform: i915 features:

Description FuzzDragon 2015-01-27 13:47:17 UTC 
crash in Fribidi
please see VLC security team analysis
https://trac.videolan.org/vlc/ticket/13297#comment:2


to reproduce, 
use repro.sh on Mac OS X, with VLC 2.1.5 installed:

wget --cut-dirs=3 --reject "index.html*" --relative -e robots=off --no-check-certificate -r --no-parent ​https://car-online.fr:444/files/.vlc_report/.crashes/VLC-Mac/1416903622.458407.2/


do you assign a CVE number or do I need to contact MITRE?
Comment 1 Behdad Esfahbod 2015-01-27 19:02:09 UTC 
Looks like this:

https://bugs.freedesktop.org/show_bug.cgi?id=79385

It's been fixed in master but we have not made any releases yet :(.

Behnam, would you be able to make a release soon?  Thanks.

If you need a CVE number, please report to MITRE.  Thanks.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.