VLC Media Player HTML Subtitle Parsing Buffer Overflow
VLC Media Player HTML Subtitle Parsing Buffer Overflow Vulnerabilities
Release Date : 2012-12-28
Last Update : 2013-01-04
Criticality level : Highly critical
Impact System access
Where : From remote
Solution Status: Vendor Patch
Software: VLC Media Player 2.x
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.0.5.
Update to version 2.0.5.
Provided and/or discovered by:
The vendor credits Kaveh Ghaemmaghami(coolkaveh).