Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

VLC Media Player 2.x < 2.2.1 Multiple Vulnerabilities

High

Synopsis

The remote host contains a media application that is affected by multiple attack vectors.

Description

The remote host is running VLC 2.x prior to 2.2.1 and is affected by multiple vulnerabilities :

- A flaw exists that is triggered as user-supplied input is not properly validated when handling a specially crafted MP4 file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 133862) - An overflow condition exists that is triggered as user-supplied input is not properly validated when handling a WAV file. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 136501)

Solution

Upgrade to VLC Media Player 2.x version 2.2.1 or later.