| Secunia ID | SA45066 |
| CVE-ID | |
| Release Date | 13 Jul 2011 |
| Last Change | 03 Aug 2011 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | VLC media player 1.x |
| Where | |
| Impact | System access. This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description | Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. 1) Missing input validation when allocating memory using certain values from a RealAudio data block within RealMedia (RM) files can be exploited to cause a heap-based buffer overflow. 2) An integer underflow error when parsing the "strf" chunk within AVI files can be exploited to cause a heap-based buffer overflow. 3) A vulnerability is caused due to the use of vulnerable ffmpeg code. For more information: Successful exploitation of the vulnerabilities allows execution of arbitrary code. Vulnerabilities #1 and #2 are confirmed in version 1.1.10. Vulnerability #3 is reported in versions prior to 1.1.10 (Windows) and 1.1.11 (MacOS X). Other versions may also be affected. |
| Solution | Update to version 1.1.11. |
| Reported by | 1, 2) Hossein Lotfi via Secunia |
| Original Advisory | VideoLAN-SA-1105: VideoLAN-SA-1106: NGS Secure: |
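
The integer underflow class described in item 2, shown as a bounds-checked chunk parser. This is an added illustration of the general bug class, not VLC's code: `FIXED_HDR`, `MAX_EXTRA`, `parse_strf` and `check_chunk` are hypothetical names, the chunk layout is simplified, and the sample chunks are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_HDR 40u          /* assumed size of the fixed format header */
#define MAX_EXTRA (1u << 20)   /* assumed sanity cap on trailing extra data */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the extra data that follows the fixed header of a "strf" chunk.
 * Returns 0 on success (caller frees *out), negative on malformed input. */
int parse_strf(const uint8_t *buf, size_t len, uint8_t **out, size_t *out_len) {
    if (len < 8 || memcmp(buf, "strf", 4) != 0) return -1;
    uint32_t size = rd_le32(buf + 4);           /* untrusted, read from the file */
    if (size > len - 8) return -2;              /* chunk runs past the input */
    /* Without this check, size - FIXED_HDR wraps to a value near 4 GiB when
     * size < FIXED_HDR, and any length derived from it is wrong. */
    if (size < FIXED_HDR) return -3;
    uint32_t extra = size - FIXED_HDR;          /* cannot wrap after the check */
    if (extra > MAX_EXTRA) return -4;
    *out = malloc(extra ? extra : 1);
    if (*out == NULL) return -5;
    memcpy(*out, buf + 8 + FIXED_HDR, extra);
    *out_len = extra;
    return 0;
}

/* Build a constructed chunk with the given declared size and run the parser.
 * Returns the extra-data length on success, or the negative error code. */
long check_chunk(uint32_t declared, size_t payload_len) {
    size_t len = 8 + payload_len, n = 0;
    uint8_t *buf = calloc(1, len), *out = NULL;
    if (buf == NULL) return -5;
    memcpy(buf, "strf", 4);
    for (int i = 0; i < 4; i++) buf[4 + i] = (uint8_t)(declared >> (8 * i));
    int rc = parse_strf(buf, len, &out, &n);
    free(out);
    free(buf);
    return rc == 0 ? (long)n : rc;
}

int main(void) {
    printf("%ld %ld %ld\n", check_chunk(48, 48), check_chunk(8, 48), check_chunk(4096, 48));
    return 0;
}
```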