28 Dec 2012
19 Mar 2013
VLC Media Player 2.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.0.5.
Update to version 2.0.5.
The vendor credits Aliz Hammond.