VLC Media Player 'CDG Decoder' Multiple Buffer Overflow Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone multiple buffer overflow vulnerabilities.

Impact

Successful exploitation could allow attackers to crash the affected application, or execute arbitrary code by convincing a user to open a malicious CD+G (CD+Graphics) media file or visit a specially crafted web page. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.6 or later, For updates refer to http://www.videolan.org/vlc/

Insight

The flaws are due to an array indexing errors in the 'DecodeTileBlock()' and 'DecodeScroll()' [modules/codec/cdg.c] functions within the CDG decoder module when processing malformed data.

Affected

VLC media player version prior to 1.1.6 on Windows.

References

http://openwall.com/lists/oss-security/2011/01/20/3
http://www.vupen.com/english/advisories/2011/0185

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0021
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
Adobe Captivate Insecure Library Loading Vulnerability
Adobe Dreamweaver Insecure Library Loading Vulnerability
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)

VLC Media Player 'CDG decoder' multiple buffer overflow vulnerabilities (Windows)

Take action and discover your vulnerabilities