Sunday, April 10, 2011

Vulnerability In VLC Player

A vulnerability has been found in the popular VLC media player. When VLC parses some MP4 (MPEG-4 Part 14) files, an insufficient buffer size can lead to heap corruption (advisory). At the moment it is unknown whether a malicious third party could exploit the vulnerability to trigger arbitrary code execution.

The vulnerability affects VLC Player version 1.1.8 and earlier. The upcoming version 1.1.9 will patch it. As a temporary workaround, until the patch is applied, users should refrain from opening files from untrusted third parties and from accessing untrusted remote sites (or should disable the VLC browser plugins). Another option is to manually remove the MP4 decoder plugin (libmp4_plugin.*) from the VLC plugin installation directory.
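The plugin-removal workaround above can be scripted so that it is reversible. The following is an added example, not part of the advisory or of VLC: the function names, the holding directory and the command-line arguments are assumptions, and the plugin directory must be supplied by the user because its location depends on the installation.

```shell
#!/bin/sh
# Added example: helper names and arguments are hypothetical.
FIXED_VERSION="1.1.9"   # first patched release, as stated in the post

# version_lt A B: succeed when dotted version A is lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-git"
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # versions are equal
}

# is_affected VERSION: succeed when VERSION is older than the fixed release.
is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# quarantine_mp4_plugin PLUGIN_DIR HOLD_DIR
# Moves every libmp4_plugin.* found under PLUGIN_DIR into HOLD_DIR (which
# must be outside PLUGIN_DIR) and prints how many files are now held there.
# Moving the files back undoes the workaround once VLC has been upgraded.
quarantine_mp4_plugin() {
    plugin_dir=$1; hold_dir=$2
    [ -d "$plugin_dir" ] || return 2
    mkdir -p "$hold_dir" || return 2
    find "$plugin_dir" -type f -name 'libmp4_plugin.*' \
        -exec mv {} "$hold_dir/" \;
    count=$(find "$hold_dir" -type f -name 'libmp4_plugin.*' | wc -l)
    echo $((count))
}

# Stand-alone use: script.sh VLC_VERSION PLUGIN_DIR HOLD_DIR
if [ "$#" -eq 3 ]; then
    if is_affected "$1"; then
        echo "VLC $1 is affected; files quarantined:" \
             "$(quarantine_mp4_plugin "$2" "$3")"
    else
        echo "VLC $1 is not affected; nothing moved."
    fi
fi
```

With the plugin moved aside, VLC can no longer open MP4 files at all until the files are restored.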
