FreeBSD : vlc -- arbitrary pointer dereference vulnerability (a0a4e24c-4760-11e5-9391-3c970e169bc2)
Medium Nessus Plugin ID 85574
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionoCERT reports :
The stable VLC version suffers from an arbitrary pointer dereference vulnerability.
The vulnerability affects the 3GP file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafted to trigger the vulnerability.
Credit: vulnerability reported by Loren Maggiore of Trail of Bits.
SolutionUpdate the affected package.