VLC Media Player TiVo Demuxer Double Free Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to double free vulnerability.

Impact

Successful exploitation will allow an attacker to crash an affected application and denying service to legitimate users. Impact Level: Application

Solution

Upgrade VLC media player to 1.1.13 or later, For updates refer to http://www.videolan.org/vlc/

Insight

The flaw is due to a double-free error within the 'get_chunk_header()' function in 'modules/demux/ty.c' of the TiVo demuxer when opening a specially crafted TiVo (*.ty) file.

Affected

VLC media player version 0.9.0 to 1.1.12 on Windows

References

http://secunia.com/advisories/47325
http://securitytracker.com/id?1026449
http://www.osvdb.org/77975
http://www.videolan.org/security/sa1108.html
http://xforce.iss.net/xforce/xfdb/71916

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-5231, CVE-2012-0023
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)
Abyss httpd crash
7-Zip Unspecified Archive Handling Vulnerability (Linux)
Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux)
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)

Take action and discover your vulnerabilities