VLC Media Player OGG Demuxer Buffer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code on the target system. Impact Level: Application/System

Solution

Upgrade to VLC media player version 2.0.2 or later For updates refer to http://www.videolan.org/vlc/

Insight

A boundary error exists within the 'Ogg_DecodePacket()' function (modules/demux/ogg.c) when processing OGG container files. This can be exploited to cause heap-based buffer overflow via a specially crafted OGG file.

Affected

VLC media player versions prior to 2.0.2 on Windows

References

http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
http://secunia.com/advisories/49835
http://www.openwall.com/lists/oss-security/2012/07/06/1
http://www.openwall.com/lists/oss-security/2012/07/06/2
http://www.osvdb.org/83615
http://www.securitytracker.com/id?1027224
http://xforce.iss.net/xforce/xfdb/76800

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-3377
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

NTP 'ntpd' Autokey Stack Overflow Vulnerability
INN buffer overflow
Personal File Share HTTP Server Remote Buffer Overflow Vulnerability
AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
CoCSoft Stream Down Buffer overflow Vulnerability

Take action and discover your vulnerabilities