VLC Media Player < 2.1.5 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 9265
Synopsis
The remote host contains a media application that is affected by two memory corruption vulnerabilities.
Description
The remote host is running VLC 2.x prior to 2.1.5 and is affected by multiple vulnerabilities:
- An error exists in the 'png_push_read_chunk()' function within the file 'pngpread.c' from the included libpng library that can allow denial of service attacks. (CVE-2014-0333)
- A buffer overflow error exists in the 'read_server_hello()' function within the file 'lib/gnutls_handshake.c' from the included GnuTLS library that can allow arbitrary code execution or denial of service. (CVE-2014-3466)
- A heap-based buffer overflow error exists in the transcode module due to improper validation of user-supplied input when handling invalid channel counts. An attacker can exploit this to execute arbitrary code. (CVE-2014-6440)
Solution
Upgrade to VLC Media Player version 2.1.5 or later.