Skip to main content

VLC media player denial of service vulnerability

Last Update Date: 7 Nov 2012 12:58 Release Date: 7 Nov 2012 5755 Views

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

A vulnerability was identified in VLC media player, which can be exploited by malicious people to cause denial of service condition.

 

When parsing an invalid PNG image file, a buffer overflow might occur.

If successful, a malicious third party could trigger an invalid memory access, leading to a crash of the process of the VLC media player.

Because the overflow occurs while reading a buffer, rather than writing, it is believed that this issue cannot lead to arbitrary code execution.

 

Exploitation of this issue requires the user to explicitly open a specially crafted file.


Impact

  • Denial of Service

System / Technologies affected

  • VLC media player 2.0.3 and earlier

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to VLC media player 2.0.4

Vulnerability Identifier


Source