VLC Media Player < 2.1.5 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a media player that is affected by
multiple vulnerabilities.

Description :

The version of VLC media player installed on the remote host is prior
to 2.1.5. It is, therefore, affected by the following
vulnerabilities :

- An error exists in the png_push_read_chunk() function
within the file 'pngpread.c' from the included libpng
library that can allow denial of service attacks.

- A buffer overflow error exists in the
read_server_hello() function within the file
'lib/gnutls_handshake.c' from the included GnuTLS
library that can allow arbitrary code execution or
denial of service. (CVE-2014-3466)

- A heap-based buffer overflow error exists in the
transcode module due to improper validation of
user-supplied input when handling invalid channel
counts. An attacker can exploit this to execute
arbitrary code. (CVE-2014-6440)

Solution :

Upgrade to version 2.1.5 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 78626

Bugtraq ID: 65776

CVE ID: CVE-2014-0333
