VLC Media Player SWF Video Decoding Use-After-Free Vulnerability

Last Update Date: 13 Dec 2012 10:31 Release Date: 13 Dec 2012 4890 Views

RISK: High Risk

High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

A vulnerability has been identified in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

 

The vulnerability is caused due to a use-after-free error when releasing a picture object during video decoding of Flash (SWF) files. This can be exploited to reference an object's callback function pointer from already freed memory.

 

Successful exploitation may allow execution of arbitrary code.

 

Note: Vendor patch is currently unavailable.

Impact

  • Remote Code Execution

System / Technologies affected

  • VLC Media Player 2.x

Solutions

  • Note: Vendor patch is currently unavailable.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Microsoft Windows Revoked Certificate Bypass Vulnerability

12 Dec 2012 4575 Views

Next

Citrix XenApp XML Service Interface Vulnerability

13 Dec 2012 4705 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY