
VLC Media Player Real Demuxer Integer Overflow Vulnerability

ERCOLINO

Secunia Advisory: SA32942

Release Date: 2008-12-01


Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

Software: VLC media player 0.x

Description:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow within the "ReadRealIndex()" function in modules/demux/real.c. This can be exploited to e.g. cause a heap-based buffer overflow by tricking a user into opening a malicious file.

Successful exploitation may allow the execution of arbitrary code.

The vulnerability is reported in versions 0.9.0 through 0.9.6.

Solution:
Update to version 0.9.7.



Security Bulletin
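The bug class the advisory names, an integer overflow in a size calculation that leads to an undersized heap buffer, is shown below as an added example; it is not VLC's code and is not taken from the advisory. The entry layout, the 14-byte on-disk entry size and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical in-memory index entry (12 bytes); not VLC's real structure. */
typedef struct { uint32_t time_ms, file_offset, packet_no; } index_entry_t;

#define ON_DISK_ENTRY 14u /* assumed size of one index record in the file */

/* Unchecked: the multiplication is done in 32 bits, so a large count taken
 * from the file wraps and yields a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return (count + 1) * (uint32_t)sizeof(index_entry_t);
}

/* Checked: reject counts the remaining file data cannot back, and counts
 * whose byte size would not fit in size_t. Returns 0 on success, -1 on reject. */
int index_size_checked(uint32_t count, size_t remaining, size_t *out)
{
    if (count == 0 || count > remaining / ON_DISK_ENTRY)
        return -1;
    if ((size_t)count + 1 > SIZE_MAX / sizeof(index_entry_t))
        return -1;
    *out = ((size_t)count + 1) * sizeof(index_entry_t);
    return 0;
}

/* Allocate the index table only when the size check passes. */
index_entry_t *index_alloc(uint32_t count, size_t remaining)
{
    size_t bytes;
    if (index_size_checked(count, remaining, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t count = 0x15555555u; /* constructed value from a crafted header */
    printf("unchecked size: %u bytes\n", alloc_size_unchecked(count));
    index_entry_t *idx = index_alloc(count, 1000);
    printf("checked alloc: %s\n", idx ? "accepted" : "rejected");
    free(idx);
    return 0;
}
```

With the unchecked form, a later loop that fills `count` entries writes far past the few bytes actually allocated, which is the heap-based overflow the advisory describes.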
 
sorry ercolino,
how do I move to version 0.9.7 if it isn't out yet??:eusa_think:
 