Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

VLC Media Player 2.x < 2.2.4 RCE

High

Synopsis

The remote host contains a media application that is affected by a remote code execution attack vector.

Description

The remote host is running VLC 2.x prior to 2.2.4 and is affected by an out-of-bounds write flaw in the 'DecodeAdpcmImaQT()' function in 'modules/codec/adpcm.c' that is triggered when handling a specially crafted media file. This may allow a context-dependent attacker to potentially execute arbitrary code.

Solution

Upgrade to VLC Media Player 2.x version 2.2.4 or later.