
VLC Media Player 2.x < 2.2.5 Multiple RCE

High

Synopsis

The remote host contains a media application that is affected by multiple Remote Code Execution (RCE) vectors.

Description

The remote host is running VLC 2.x prior to 2.2.5 and is affected by multiple RCE vulnerabilities:

- An overflow condition exists that is triggered because certain input is not properly validated. With a specially crafted AVI file, a context-dependent attacker can cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 158159)
- An unspecified flaw exists that is triggered when handling LPCM in VOB files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 158214)

Solution

Upgrade to VLC Media Player 2.x version 2.2.5 or later.