VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Linux)

Summary
VLC Media Player is installed on the host and is prone to buffer overflow vulnerabilities.
Impact
Successful exploitation could allow attackers to crash an affected application or execute arbitrary code by convincing a user to open a malicious media file.
Impact Level: Application
Solution
Upgrade to VLC media player version 1.1.6-rc or later. For updates, refer to http://download.videolan.org/pub/videolan/vlc/
Insight
The flaws are caused by buffer overflow errors in the 'StripTags()' function within the USF and Text subtitles decoders 'modules/codec/subtitles/subsdec.c' and 'modules/codec/subtitles/subsusf.c' when processing malformed data.
Affected
VLC media player version 1.x before 1.1.6-rc