VLC Media Player 'Bookmark Creation' Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.0.6 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/

Insight

The flaw is due to a race condition error when creating bookmarks and can be exploited to corrupt memory by tricking a user into creating a bookmark while playing a specially crafted file.

Affected

VLC media player version prior to 1.0.6 on Linux

References

http://osvdb.org/62728
http://secunia.com/advisories/38853

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1087

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Beatport Player '.m3u' File Buffer Overflow Vulnerability
Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
Avaya WinPDM Multiple Buffer Overflow Vulnerabilities
ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities