VULNERABILITIES / FIXES - July 09, 2012
by Carol~ - 7/9/12 5:46 AM
VLC Media Player OGG Demuxer Buffer Overflow Vulnerability
Release Date: 2012-07-09
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: VLC Media Player 2.x
A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is due to a boundary error in the "Ogg_DecodePacket()" function (modules/demux/ogg.c) when processing OGG container files. This can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerability is reported in versions prior to 2.0.2.
Update to version 2.0.2.
Provided and/or discovered by:
The vendor credits an anonymous person via SecuriTeam Secure Disclosure (SSD).