VLC Media Player libmodplug Buffer Overflow Vulnerabilities

Last Update Date: 4 May 2011 12:18 Release Date: 4 May 2011 6894 Views

RISK: High Risk

High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in VLC Media Player, which could be exploited by malicious people to compromise a user's system.  The vulnerabilities are caused due to the application using a vulnerable version of the libmodplug library.  This issues are caused by the boundary errors within the "abc_new_macro()" and "abc_new_umacro()" functions in src/load_abc.cpp, which can be exploited to cause stack-based buffer overflows by tricking a user into opening specially crafted ABC files.

Note: This may only affect the precompiled versions and it is not aware of any vendor-supplied patch available

Impact

  • Remote Code Execution

System / Technologies affected

  • VLC media player 1.x

Solutions

  • it is not aware of any vendor-supplied patch available
  • Workaround: Do not open untrusted files.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Check Point SSL VPN On-Demand Applications Remote Code Execution Vulnerability

4 May 2011 7108 Views

Next

Adobe Photoshop File Processing Unspecified Security Vulnerabilities

5 May 2011 6863 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY