VLC Media Player 2.x < 2.2.1 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 9798
SynopsisThe remote host contains a media application that is affected by multiple attack vectors.
DescriptionThe remote host is running VLC 2.x prior to 2.2.1 and is affected by multiple vulnerabilities :
- A flaw exists that is triggered as user-supplied input is not properly validated when handling a specially crafted MP4 file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 133862)
- An overflow condition exists that is triggered as user-supplied input is not properly validated when handling a WAV file. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 136501)
SolutionUpgrade to VLC Media Player 2.x version 2.2.1 or later.