You are here

V-060: VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code

January 2, 2013 - 1:00am

Addthis

PROBLEM:

VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code

PLATFORM:

VLC Media Player 2.0.4, possibly earlier versions

ABSTRACT:

Some vulnerabilities have been reported in VLC Media Player

REFERENCE LINKS:

SecurityTracker Alert ID:  1027929
Secunia Advisory  SA51692

IMPACT ASSESSMENT:

Medium

DISCUSSION:

Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.

IMPACT:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

The vendor has issued a fix (2.0.5).

Addthis