VLC Media Player 2.x < 2.2.5 Multiple RCE
High Nessus Network Monitor Plugin ID 700130
Synopsis
The remote host contains a media application that is affected by multiple Remote Code Execution (RCE) vectors.
Description
The remote host is running VLC 2.x prior to 2.2.5 and is affected by multiple RCE vulnerabilities:
- An overflow condition exists that is triggered as certain input is not properly validated. With a specially crafted AVI file, a context-dependent attacker can cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 158159)
- An unspecified flaw exists that is triggered when handling LPCM in VOB files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 158214)
Solution
Upgrade to VLC Media Player 2.x version 2.2.5 or later.