11/06/2008
VLC Media Player urgent update (Secunia)
VLC Media Player CUE and RealText Processing Buffer Overflows

Secunia Advisory: SA32569
Release Date: 2008-11-06
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: VLC media player 0.x

Description:
Two vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

1) An error in the CUE demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted CUE image file.

2) An error in the RealText demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted RealText subtitle file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions 0.5.0 through 0.9.5.

Solution:
Update to version 0.9.6.

Provided and/or discovered by:
The vendor credits Tobias Klein.

Original Advisory:
VideoLAN:
http://www.videolan.org/security/sa0810.html

Tobias Klein:
http://www.trapkit.de/advisories/TKADV2008-011.txt
http://www.trapkit.de/advisories/TKADV2008-012.txt