There has been found two vulnerabilities in VLC media player. When parsing the header of an invalid CUE image file or an invalid RealText subtitle file, stack-based buffer overflows might occur. This might allow attacker to trigger execution of arbitrary code within the context of the VLC media player. To successfully exploit the vulnerabilities victim must be made open specially crafted CUE image file or RealText subtitle file.
Vulnerabilities affect VLC media player versions 0.5.0 - 0.9.5. Users of these versions are recommended to update their versions to 0.9.6.
VideoLAN's security advisory provides more information on the issue.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment