VLC Media Player '.AVI' File BOF Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.11 or later, For updates refer to http://www.videolan.org/

Insight

The flaw is due to an integer underflow error when parsing the 'strf' chunk within AVI files can be exploited to cause a heap-based buffer overflow.

Affected

VLC media player version prior to 1.1.11 on Linux.

References

http://secunia.com/advisories/45066
http://www.videolan.org/security/sa1106.html
http://xforce.iss.net/xforce/xfdb/68532

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2588

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability
Personal File Share HTTP Server Remote Buffer Overflow Vulnerability
XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)
Simple Web Server Connection Header Buffer Overflow Vulnerability
Yahoo Messenger JPG Photo Sharing Integer Overflow Vulnerability

Take action and discover your vulnerabilities