Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

VLC Media Player < 2.2.2 Multiple Vulnerabilities

High

Synopsis

The remote host contains a media application that is affected by multiple attack vectors.

Description

The remote host is running VLC 2.x prior to 2.0.2 and is affected by multiple vulnerabilities :

- An invalid pointer dereference flaw exists in the 3GP file format parser. With a specially crafted 3GP file, a context-dependent attacker can potentially execute arbitrary code. (OSVDB 126522) - The libpng library used by VLC contains an out-of-bounds read flaw in the 'png_convert_to_rfc1123()' function in 'png.c' that may allow a context-dependent attacker to crash an application linked against the library or disclose memory contents. (OSVDB 129444) - The libEBML library used by VLC contains a use-after-free error in the 'EblMaster::Read()' function in 'EbmlMaster.cpp' that is triggered when handling deeply nested elements with an infinite size. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 129620) - The libEBML library used by VLC contains an out-of-bounds read condition in the 'UTFstring::UpdateFromUTF8()' function in 'EbmlUnicodeString.cpp' that is triggered when reading UTF-8 strings. This may allow a context-dependent attacker to crash an application linked against the library or potentially disclose memory contents. (OSVDB 129622) - The libpng library contains overflow conditions in the 'png_set_PLTE()' function in 'pngset.c' and 'png_get_PLTE()' function in 'pngget.c' that are triggered when handling bit depths less than 8. With a specially crafted PNG image, a context-dependent attacker can cause a buffer overflow, crashing an application linked against the library or potentially execute arbtirary code. (OSVDB 130175) - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the web interface does not validate files' title metadata before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 130352) - A flaw exists that is triggered as user-supplied input is not properly validated when handling a specially crafted MP4 file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 133862) - An unspecified double-free flaw exists in the ADPCM decoder, which may allow an attacker to have an unspecified impact. (OSVDB 134597) - Multiple unspecified double-frees, integer overflows, infinite loops, read overflows, invalid frees, and division-by-zero flaws exist. No further details have been provided by the vendor. (OSVDB 134598) - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the HTTP interface does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (OSVDB 134599) - An off-by-one overflow condition exists in the RealRtsp module. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact. (OSVDB 134600)

Solution

Upgrade to VLC Media Player version 2.2.2 or later.