VLC Media Player < 1.0.1 real_get_rdt_chunk() Function Overflow
High Nessus Plugin ID 40466
SynopsisThe remote Windows host contains an application that is affected by a buffer overflow vulnerability.
DescriptionThe version of VLC media player installed on the remote host is earlier than 1.0.1. Such versions contain an integer underflow involving the integer 'size' in the 'real_get_rdt_chunk_header()' function that can be triggered when reading Real Data Transport (RDT) chunk headers. This 'size' variable is used before the underflow to allocate storage on the heap and then after it to read an excessive amount of data from the network via the 'rtsp_read_data()' function, resulting in a buffer overflow. If an attacker can trick a user into opening a specially crafted RTSP stream with the affected application, arbitrary code could be executed, subject to the user's privileges.
SolutionUpgrade to VLC Media Player version 1.0.1 or later.