
VLC Media Player 0.5.0 to 0.9.5 Stack-Based Buffer Overflows

Medium

Synopsis

The remote Windows host contains an application that is affected by multiple buffer overflow vulnerabilities.

Description

A version of VLC between 0.5.0 and 0.9.5 is installed on the remote host. Such versions are affected by the following vulnerabilities:

- RealText subtitle file (modules\demux\subtitle.c) processing is susceptible to a buffer overflow caused by user-supplied data from a malicious subtitle file being copied into static buffers without proper validation.
- CUE image file (modules\access\vcd\cdrom.c) processing is susceptible to a stack-based buffer overflow because data supplied by the CUE file is used as an array index without proper validation.

An attacker may be able to leverage these issues to execute arbitrary code on the remote host by tricking a user into opening a specially crafted video file using the affected application.
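The CUE issue described above is a file-supplied number used as an array index. The following added example (not VLC's code and not its actual fix) shows the defensive pattern in C: a track number read from a CUE-style line is range-checked before it indexes a fixed-size table. The names `toc_add`, `struct toc`, `MAX_TRACKS` and the result codes are hypothetical, and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TRACKS 99  /* assumed table size: CD track numbers run 1..99 */

/* Result codes; names are hypothetical, chosen for this example. */
enum { CUE_OK = 0, CUE_BAD_SYNTAX = -1, CUE_BAD_INDEX = -2 };

struct toc {
    int sectors[MAX_TRACKS];  /* start sector of track n in slot n-1 */
    int count;                /* highest track number stored so far */
};

/* MM:SS:FF to sector number (75 frames per second); -1 if out of range. */
static int msf_to_sector(int m, int s, int f)
{
    if (m < 0 || s < 0 || s > 59 || f < 0 || f > 74)
        return -1;
    return (m * 60 + s) * 75 + f;
}

/* Record one "TRACK nn ..." line and its "INDEX 01 mm:ss:ff" line. */
int toc_add(struct toc *t, const char *track_line, const char *index_line)
{
    int track, m, s, f, sector;
    char extra;
    /* Field widths keep sscanf from converting out-of-range integers. */
    if (sscanf(track_line, " TRACK %3d", &track) != 1)
        return CUE_BAD_SYNTAX;
    if (sscanf(index_line, " INDEX 01 %2d:%2d:%2d %c", &m, &s, &f, &extra) != 3)
        return CUE_BAD_SYNTAX;
    /* The file-supplied number is validated before it is used as an index. */
    if (track < 1 || track > MAX_TRACKS)
        return CUE_BAD_INDEX;
    if ((sector = msf_to_sector(m, s, f)) < 0)
        return CUE_BAD_SYNTAX;
    t->sectors[track - 1] = sector;
    if (track > t->count) t->count = track;
    return CUE_OK;
}

int main(void)
{
    struct toc t = { {0}, 0 };
    /* Constructed sample lines, not taken from a real image. */
    printf("%d\n", toc_add(&t, "  TRACK 02 MODE1/2352", "    INDEX 01 00:02:00"));
    return 0;
}
```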

Solution

Upgrade to version 0.9.6 or higher.