VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities
Last Update Date:
2 Jan 2013
Release Date:
31 Dec 2012
4989
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.
Impact
- Remote Code Execution
System / Technologies affected
- VLC Media Player 2.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 2.0.5.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with