VLC Media Player ASS File Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to Stack-Based Buffer Overflow Vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary code, and can casue application crash. Impact Level: Application

Solution

Upgrade to VLC Media Player version 1.0.5 or later For updates refer to http://www.videolan.org/vlc/

Insight

The flaw exists due to stack-based buffer overflow error in Aegisub Advanced SubStation ('.ass') file handler that fails to perform adequate boundary checks on user-supplied input.

Affected

VLC Media Player version 0.8.6 on Linux.

References

http://www.exploit-db.com/exploits/11174
http://xforce.iss.net/xforce/xfdb/55717

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0364
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
BSPlayer Stack Overflow Vulnerability BLS
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities