VLC get_chunk_header Function TiVo File Remote Code Execution
Severity: High
Nessus Plugin ID: 63137

Synopsis
The remote Windows host contains a media player that is affected by a code execution vulnerability.

Description
The version of VLC installed on the remote host is 0.x later than 0.9.0 or 1.x earlier than or equal to 1.1.12. It therefore contains a double-free error in the function 'get_chunk_header' in the file 'modules/demux/ty.c'. A specially crafted TiVo (TY) file can trigger this error, which could lead to remote arbitrary code execution.

Solution
Upgrade to VLC version 1.1.13 / 2.0.0 or later. Alternatively, remove any affected plugin files from VLC's plugins directory.