Buffer Overflow Vulnerability Identified in VLC 2.0.5 and Earlier

The issue will be addressed with the release of VLC 2.0.6

By on January 31st, 2013 09:05 GMT

Security researcher Debasish Mandal has identified a buffer overflow vulnerability in the ASF demuxer of the popular VLC media player.

VideoLAN, the company that develops VLC, warns that successful exploitation of the vulnerability can lead to a crash and, possibly, even execution of arbitrary code within the context of the application.

The issue can be exploited if the attacker convinces the user to open a specially crafted ASF file.

VLC media player 2.0.5 and earlier variants are affected by the security hole.

The flaw will be addressed with the future 2.0.6 release. In the meantime, users are advised to refrain from opening suspicious ASF files.

In addition, customers can disable ASF movie playback altogether by removing the ASF demuxer (libasf_plugin.*) from the VLC plugin directory.
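The workaround above can be applied reversibly by moving the plugin aside instead of deleting it. The following is an added example, not code from VideoLAN or from this article; the function names are hypothetical, and the plugin directory is supplied by the caller because its location depends on the platform and install method.

```shell
#!/bin/sh
# Added example: disable ASF playback by moving libasf_plugin.* out of a
# VLC plugin tree. Paths are caller-supplied (assumption: no default is known).

# asf_demuxer_present PLUGIN_DIR
# Succeeds (exit 0) if any libasf_plugin.* file exists under PLUGIN_DIR.
asf_demuxer_present() {
    [ -n "$(find "$1" -type f -name 'libasf_plugin.*' 2>/dev/null)" ]
}

# disable_asf_demuxer PLUGIN_DIR BACKUP_DIR
# Moves every libasf_plugin.* under PLUGIN_DIR into BACKUP_DIR so it can be
# restored after upgrading. Prints the number of files moved.
# Returns 1 on bad arguments, 2 if a plugin file is still present afterwards.
disable_asf_demuxer() {
    plugin_dir=$1
    backup_dir=$2
    [ -d "$plugin_dir" ] || { echo "not a directory: $plugin_dir" >&2; return 1; }
    # A backup inside the plugin tree would leave the plugin where it can be found.
    case "$backup_dir" in
        "$plugin_dir"/*) echo "backup dir must be outside plugin dir" >&2; return 1 ;;
    esac
    mkdir -p "$backup_dir" || return 1

    # find covers layouts where plugins sit in subdirectories of PLUGIN_DIR.
    found=$(find "$plugin_dir" -type f -name 'libasf_plugin.*' | wc -l | tr -d ' ')
    find "$plugin_dir" -type f -name 'libasf_plugin.*' -exec mv -- {} "$backup_dir/" \;

    # Verify the result instead of trusting mv's exit status.
    if asf_demuxer_present "$plugin_dir"; then
        echo "ASF demuxer still present under $plugin_dir" >&2
        return 2
    fi
    echo "$found"
}
```

Run `disable_asf_demuxer` with write access to the plugin directory, and move the file back from the backup directory once a fixed VLC release is installed.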

Another solution is to install one of the nightly builds. However, these builds might be unstable and they might not even work at all.
