VLC Media Player 'AMV' Denial Of Service Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow attackers to cause a denial of service or possibly execute arbitrary code via a malformed AMV file. Impact Level: System/Application

Solution

Upgrade to VLC media player version 1.1.10 or later, For updates refer to http://www.videolan.org/vlc/

Insight

The flaw is due to error while handling 'sp5xdec.c' in the Sunplus SP5X JPEG decoder in libavcodec, performs a write operation outside the bounds of an unspecified array.

Affected

VLC media player version 1.1.9 and prior on Linux.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
http://www.securityfocus.com/archive/1/517706

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1931
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
DB2 DOS
Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities
Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability

VLC Media Player 'AMV' Denial of Service Vulnerability (Linux)

Take action and discover your vulnerabilities