VLC Media Player < 1.0.2 Multiple Buffer Overflows (deprecated)

Medium Nessus Network Monitor Plugin ID 5188


The remote host contains an application that is vulnerable to multiple attack vectors.


The version of VLC media player installed on the remote host that is earlier than 1.0.2. Such versions are potentially vulnerable to a stack overflow when parsing a MPF, ASF, or AVI file with an overly deep box structure. If an attacker can trick a user into opening a specially crafted MP4, ASF, or AVI file with the affected application, he may be able to execute arbitrary code subject to the user's privileges.


Upgrade to VLC Media Player 1.0.2 or later.

See Also


Plugin Details

Severity: Medium

ID: 5188

Family: Web Clients

Published: 2009/09/25

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 41626

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 5.6

Temporal Score: 5.2


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/09/22

Vulnerability Publication Date: 2009/09/17

Reference Information

BID: 36439