VLC Media Player 2.x < 2.2.4 RCE
High Nessus Network Monitor Plugin ID 9799
SynopsisThe remote host contains a media application that is affected by a remote code execution attack vector.
DescriptionThe remote host is running VLC 2.x prior to 2.2.4 and is affected by an out-of-bounds write flaw in the 'DecodeAdpcmImaQT()' function in 'modules/codec/adpcm.c' that is triggered when handling a specially crafted media file. This may allow a context-dependent attacker to potentially execute arbitrary code.
SolutionUpgrade to VLC Media Player 2.x version 2.2.4 or later.