VLC Media Player < 2.2.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9267

Synopsis

The remote host contains a media application that is affected by multiple attack vectors.

Description

The remote host is running VLC 2.x prior to 2.0.2 and is affected by multiple vulnerabilities:

- An invalid pointer dereference flaw exists in the 3GP file format parser. With a specially crafted 3GP file, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 126522)
- The libpng library used by VLC contains an out-of-bounds read flaw in the 'png_convert_to_rfc1123()' function in 'png.c' that may allow a context-dependent attacker to crash an application linked against the library or disclose memory contents. (OSVDB 129444)
- The libEBML library used by VLC contains a use-after-free error in the 'EbmlMaster::Read()' function in 'EbmlMaster.cpp' that is triggered when handling deeply nested elements with an infinite size. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 129620)
- The libEBML library used by VLC contains an out-of-bounds read condition in the 'UTFstring::UpdateFromUTF8()' function in 'EbmlUnicodeString.cpp' that is triggered when reading UTF-8 strings. This may allow a context-dependent attacker to crash an application linked against the library or potentially disclose memory contents. (OSVDB 129622)
- The libpng library contains overflow conditions in the 'png_set_PLTE()' function in 'pngset.c' and the 'png_get_PLTE()' function in 'pngget.c' that are triggered when handling bit depths less than 8. With a specially crafted PNG image, a context-dependent attacker can cause a buffer overflow, crashing an application linked against the library or potentially executing arbitrary code. (OSVDB 130175)
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the web interface does not validate files' title metadata before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 130352)
- A flaw exists that is triggered as user-supplied input is not properly validated when handling a specially crafted MP4 file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 133862)
- An unspecified double-free flaw exists in the ADPCM decoder, which may allow an attacker to have an unspecified impact. (OSVDB 134597)
- Multiple unspecified double-frees, integer overflows, infinite loops, read overflows, invalid frees, and division-by-zero flaws exist. No further details have been provided by the vendor. (OSVDB 134598)
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the HTTP interface does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 134599)
- An off-by-one overflow condition exists in the RealRtsp module. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact. (OSVDB 134600)

Solution

Upgrade to VLC Media Player version 2.2.2 or later.

See Also

http://www.videolan.org/developers/vlc-branch/NEWS

http://www.videolan.org/vlc/releases/2.2.2.html

Plugin Details

Severity: High

ID: 9267

Family: Web Clients

Published: 2016/04/22

Modified: 2016/12/06

Dependencies: 9797

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.6

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:videolan:vlc_media_player

Patch Publication Date: 2016/02/06

Vulnerability Publication Date: 2015/10/22

Reference Information

CVE: CVE-2015-1659, CVE-2015-5949, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8789, CVE-2015-8790

BID: 76448, 77304, 77568, 78624