Buffer Overflow Vulnerability Found in VLC Media Player

A buffer overflow could occur in VideoLAN’s VLC cross-platform multimedia player when attempting to parse a specially crafted advanced systems format (ASF) movie, a researcher reported.

The vulnerability, found by security researcher Debasish Mandal, exists in the ASF demuxer of VLC media player versions 2.0.5 and earlier. To exploit the vulnerability, a user must “explicitly open a specially crafted ASF movie.”

According to a security advisory on the VideoLAN site, an attacker who exploits the bug could cause invalid memory access, which could in turn cause the player to crash. It has not yet been confirmed, but the advisory also warns that attackers may be able to use an exploit to execute arbitrary code “within the context of the application.”

The problem will be resolved with the release of VLC 2.0.6, slated to ship sometime in January, which ends today. VideoLAN’s patch will fix the bug by replacing a macro with a static inline function and improved bounds checking in the VLC player’s source code repository.
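To illustrate why swapping a bounds-check macro for a typed static inline function matters in a file parser, here is an added example; it is not VLC's code or VideoLAN's patch. The record layout, the sample bytes and the names `HAVE_MACRO`, `have_bytes` and `read_record` are all constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Macro-style check (hypothetical): untyped, so a negative length taken
 * from the file compares as "fits" and would later wrap to a huge size_t. */
#define HAVE_MACRO(len, pos, n) ((ptrdiff_t)((len) - (pos)) >= (n))
static int macro_accepts(size_t len, size_t pos, int32_t n) { return HAVE_MACRO(len, pos, n); }

/* Typed replacement: rejects negative lengths and a cursor past the end,
 * and compares sizes instead of forming an out-of-range pointer. */
static inline bool have_bytes(size_t len, size_t pos, int64_t n)
{
    if (n < 0 || pos > len)
        return false;
    return (uint64_t)n <= (uint64_t)(len - pos);
}

/* Constructed record: int32 little-endian length, then that many bytes.
 * Returns the payload size copied into out, or -1 if the record is bad. */
static int read_record(const uint8_t *buf, size_t len, uint8_t *out, size_t out_sz)
{
    if (!have_bytes(len, 0, 4))
        return -1;
    int32_t n = (int32_t)((uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                          (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24);
    if (!have_bytes(len, 4, n) || (size_t)n > out_sz)
        return -1;
    memcpy(out, buf + 4, (size_t)n);
    return (int)n;
}

/* Constructed sample inputs. */
static const uint8_t REC_OK[]   = {3, 0, 0, 0, 'a', 'b', 'c'};
static const uint8_t REC_NEG[]  = {0xff, 0xff, 0xff, 0xff, 'a'};
static const uint8_t REC_LONG[] = {16, 0, 0, 0, 'a'};

int main(void)
{
    uint8_t out[16];
    printf("macro accepts -1: %d, ok=%d neg=%d long=%d\n",
           macro_accepts(sizeof REC_NEG, 4, -1),
           read_record(REC_OK, sizeof REC_OK, out, sizeof out),
           read_record(REC_NEG, sizeof REC_NEG, out, sizeof out),
           read_record(REC_LONG, sizeof REC_LONG, out, sizeof out));
    return 0;
}
```

The macro form reports that a length of -1 fits in the remaining data, while the inline function rejects it along with lengths that run past the end of the buffer.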

The advisory recommends that users exercise caution and avoid opening files from untrusted third-party remote sites until they install the patch. VideoLAN also claims that the ASF demuxer can be removed manually, but that doing so will prevent ASF movie playback.

Discussion

  • VLC Player on

    Thanks for the great work and providing this valuable information. I’m looking forward to the next time that I get to come to your blog because your blog is different from other blogs.
  • VLC Media Player on

    Continue the wonderful good article, I just read a couple of articles about this web page and I believe that the blog is rattling intriguing and consists of sets of helpful information.
