VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities

Last Update Date: 2 Jan 2013 Release Date: 31 Dec 2012

RISK: High Risk

TYPE: Clients - Audio & Video

Multiple vulnerabilities have been identified in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused by errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.


Impact

  • Remote Code Execution

System / Technologies affected

  • VLC Media Player 2.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 2.0.5.

Vulnerability Identifier

  • No CVE information is available
