VLC Media Player XSPF Processing Memory Corruption Vulnerability

ERCOLINO

Secunia Advisory: SA32267

Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch

Software: VLC media player 0.x




Description:
A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a signedness error within the "parse_track_node()" function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative "identifier" attribute.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 0.9.3.

Solution:
Update to version 0.9.3 or later.
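
The advisory names the bug class (a signedness error on an attribute parsed from the playlist) without showing code. The following is an added illustration of that general pattern and of a hardened parse; it is not VLC's source, and `TRACK_SLOTS`, `signed_check_accepts`, `parse_track_id` and `store_track` are hypothetical names chosen for this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical table size for this example; not taken from VLC. */
#define TRACK_SLOTS 16

/* Flawed pattern: the attribute is read into a signed int and only the
 * upper bound is checked. Returns true when the check lets the value
 * through. No array access is performed here. */
bool signed_check_accepts(const char *attr)
{
    int id = atoi(attr);          /* "-1" becomes -1, errors are invisible */
    return id < TRACK_SLOTS;      /* -1 < 16, so a negative index passes */
}

/* Hardened pattern: strict numeric parse, then both bounds are checked
 * before the value is converted to an unsigned index. */
bool parse_track_id(const char *attr, size_t *out)
{
    char *end;
    errno = 0;
    long v = strtol(attr, &end, 10);
    if (end == attr || *end != '\0' || errno == ERANGE)
        return false;             /* empty, trailing junk, or out of range */
    if (v < 0 || v >= TRACK_SLOTS)
        return false;             /* negative or past the end of the table */
    *out = (size_t)v;
    return true;
}

/* Stores uri in the table only when the identifier is a valid slot. */
int store_track(const char *tracks[TRACK_SLOTS], const char *attr,
                const char *uri)
{
    size_t idx;
    if (!parse_track_id(attr, &idx))
        return -1;                /* reject the playlist entry */
    tracks[idx] = uri;
    return 0;
}
```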


