Summary
The host is installed with VLC Media Player and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation could allow attackers to crash the affected application, or execute arbitrary code by convincing a user to open a malicious CD+G (CD+Graphics) media file or visit a specially crafted web page.
Impact Level: Application
Solution
Upgrade to VLC media player version 1.1.6 or later. For updates, refer to http://download.videolan.org/pub/videolan/vlc/
Insight
The flaws are due to array indexing errors in the 'DecodeTileBlock()' and 'DecodeScroll()' functions [modules/codec/cdg.c] within the CDG decoder module when processing malformed data.
Affected
VLC media player versions prior to 1.1.6 on Linux
Severity
Classification
CVE: CVE-2011-0021
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C