فا

‫ VLC Media Player Multiple Vulnerabilities

ID: IRCAD2015023729
Release Date: 2015-02-02
Criticality level: Highly critical
Software:
VLC Media Player 2.x
Description:
Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
1) An error within the decomp stream filter can be exploited to cause a heap-based buffer overflow.
2) An error within updater can be exploited to cause a buffer overflow.
3) An error within the schroedinger encoder can be exploited to cause a buffer overflow.
4) An error within the mp4 demuxer when parsing string boxes can be exploited to cause a buffer overflow.
5) An error when streaming ogg vorbis files via rtp can be exploited to corrupt memory via an ogg vorbis file containing an overly long "configuration" string.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in version 2.1.5. Other versions may also be affected.
Solution
Fixed in the GIT repository.
References:
VLC:
VLC:
Fabian Yamaguchi:
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 19 بهمن 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0