VLC Media Player < 2.0.2 Ogg_DecodePacket Function OGG File Handling Overflow
High Nessus Plugin ID 60049
The remote Windows host contains a media player that is affected by a buffer overflow vulnerability.
The version of VLC media player installed on the remote host is earlier than 2.0.2. It is, therefore, reportedly affected by a heap- based buffer overflow vulnerability. An error exists in the function 'Ogg_DecodePacket' in the file 'modules/demux/ogg.c' that does not properly validate input and could allow a heap-based buffer overflow. Opening a specially crafted file can result in the execution of arbitrary code.
Upgrade to VLC Media Player version 2.0.2 or later. Alternatively, remove any affected plugin files from VLC's plugins directory.