Secunia Advisory: SA32267
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: VLC media player 0.x
Description:
A vulnerability has been reported by VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a signedness error within the "parse_track_node()" function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative "identifier" attribute.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 0.9.3.
Solution:
Update to version 0.9.3 or later.
Bollettino Sicurezza
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: VLC media player 0.x
Description:
A vulnerability has been reported by VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a signedness error within the "parse_track_node()" function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative "identifier" attribute.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 0.9.3.
Solution:
Update to version 0.9.3 or later.
Bollettino Sicurezza