VLC Media Player 'Bookmark Creation' Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.0.6 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/

Insight

The flaw is due to a race condition error when creating bookmarks and can be exploited to corrupt memory by tricking a user into creating a bookmark while playing a specially crafted file.

Affected

VLC media player version prior to 1.0.6 on Linux

References

http://osvdb.org/62728
http://secunia.com/advisories/38853

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1087
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
Apple iTunes '.pls' Files Buffer Overflow Vulnerability
Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Beatport Player '.m3u' File Buffer Overflow Vulnerability
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Take action and discover your vulnerabilities