VLC Media Player MP4 Demuxer Arbitrary Memory Overwrite Vulnerability

 

Release Date: 27/02/2008
Severity: Highly Critical
SecWatch Advisory: SWID1020500
Cause: Boundary error
Solution Status: Vendor Patch
Impact: Execution of arbitrary code
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: VLC media player 0.x
 

 

Description:

A vulnerability in VLC Media Player has been reported, which can potentially be exploited by remote users to compromise a user's system.

A boundary error exists when handling crafted MPEG-4 files within the MP4 demuxer (modules/demux/mp4/mp4.c), which can be exploited to overwrite arbitrary memory and execute arbitrary code.

 

Affected:

VLC version 0.8.6d. Prior versions may also be affected.

 

Solution:

The vulnerability has been fixed in version 0.8.6e. Alternatively, apply the patch available at:
http://www.videolan.org/patche...vlc-0.8.6-CORE-2008-0130.patch

 

Credits:

Core Security Technologies

 
