Detections
Analytics
VLC Media Player < 2.2.2 Multiple Vulnerabilities
critical Nessus Network Monitor Plugin ID 9267
Synopsis
The remote host contains a media application that is affected by multiple attack vectors.Description
The remote host is running VLC 2.x prior to 2.0.2 and is affected by multiple vulnerabilities :- An invalid pointer dereference flaw exists in the 3GP file format parser. With a specially crafted 3GP file, a context-dependent attacker can potentially execute arbitrary code.
- The libpng library used by VLC contains an out-of-bounds read flaw in the 'png_convert_to_rfc1123()' function in 'png.c' that may allow a context-dependent attacker to crash an application linked against the library or disclose memory contents.
- The libEBML library used by VLC contains a use-after-free error in the 'EblMaster::Read()' function in 'EbmlMaster.cpp' that is triggered when handling deeply nested elements with an infinite size. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
- The libEBML library used by VLC contains an out-of-bounds read condition in the 'UTFstring::UpdateFromUTF8()' function in 'EbmlUnicodeString.cpp' that is triggered when reading UTF-8 strings. This may allow a context-dependent attacker to crash an application linked against the library or potentially disclose memory contents.
- The libpng library contains overflow conditions in the 'png_set_PLTE()' function in 'pngset.c' and 'png_get_PLTE()' function in 'pngget.c' that are triggered when handling bit depths less than 8. With a specially crafted PNG image, a context-dependent attacker can cause a buffer overflow, crashing an application linked against the library or potentially execute arbtirary code.
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the web interface does not validate files' title metadata before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A flaw exists that is triggered as user-supplied input is not properly validated when handling a specially crafted MP4 file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- An unspecified double-free flaw exists in the ADPCM decoder, which may allow an attacker to have an unspecified impact.
- Multiple unspecified double-frees, integer overflows, infinite loops, read overflows, invalid frees, and division-by-zero flaws exist. No further details have been provided by the vendor.
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the HTTP interface does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- An off-by-one overflow condition exists in the RealRtsp module. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in an unspecified impact.
Solution
Upgrade to VLC Media Player version 2.2.2 or later.See Also
Plugin Details
Severity: Critical
ID: 9267
Family: Web Clients
Published: 4/22/2016
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 9.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:videolan:vlc_media_player
Patch Publication Date: 2/6/2016
Vulnerability Publication Date: 10/22/2015
Reference Information
CVE: CVE-2015-1659, CVE-2015-5949, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8789, CVE-2015-8790