Secunia Advisory: SA32569
Release Date: 2008-11-06
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: VLC media player 0.x
Description:
Two vulnerabilities have been reported in VLC Media Player that can potentially be exploited by malicious people to compromise a user's system.
1) An error in the CUE demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted CUE image file.
2) An error in the RealText demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted RealText subtitle file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in versions 0.5.0 through 0.9.5.
Solution:
Update to version 0.9.6.
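To triage an inventory against the affected range above, the following added example (not part of the original advisory or of VLC) parses version strings and flags those from 0.5.0 up to, but not including, 0.9.6. The hostnames and banner strings are constructed, and treating letter-suffixed builds such as 0.8.6i as affected is an assumption.

```python
import re

# Affected range and fixed release as stated in the advisory.
FIRST_AFFECTED = (0, 5, 0, "")
FIXED = (0, 9, 6, "")

# Matches "0.9.5" or "0.8.6i", alone or inside a longer banner string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]?)(?![\d.])")


def parse_version(text):
    """Return (major, minor, patch, letter) from a version or banner string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def is_affected(text):
    """True if the version lies in [0.5.0, 0.9.6), i.e. 0.5.0 through 0.9.5.

    Assumption: a letter-suffixed build sorts after its base release, so
    0.8.6i counts as affected and a hypothetical 0.9.6a would not.
    """
    return FIRST_AFFECTED <= parse_version(text) < FIXED


def triage(inventory):
    """Map each host to a verdict; unparseable banners are flagged for review."""
    result = {}
    for host, banner in inventory.items():
        try:
            affected = is_affected(banner)
        except ValueError:
            result[host] = "unparsed"
            continue
        result[host] = "update to 0.9.6" if affected else "not in affected range"
    return result


# Constructed inventory: hostnames and banner strings are made up for the example.
SAMPLE = {
    "ws-01": "VLC media player 0.9.5",
    "ws-02": "0.8.6i",
    "ws-03": "VLC media player 0.9.6",
    "ws-04": "0.4.6",
    "ws-05": "vlc (version unknown)",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, verdict)
```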
Security Bulletin