Summary
VLC Media Player is installed on the host and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation could allow attackers to crash the affected application, or execute arbitrary code by convincing a user to open a malicious CD+G (CD+Graphics) media file or visit a specially crafted web page.
Impact Level: Application
Solution
Upgrade to VLC media player version 1.1.6 or later. For updates, refer to http://www.videolan.org/vlc/
Insight
The flaws are due to array indexing errors in the 'DecodeTileBlock()' and 'DecodeScroll()' functions [modules/codec/cdg.c] within the CDG decoder module when processing malformed data.
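The class of bug described above, shown as an added example that is not VLC's code or its patch: a minimal CD+G tile-block decoder that validates the row and column fields before indexing the frame buffer. The function, buffer and sample payload names are hypothetical; the geometry (300x216 screen, 6x12 tiles, 5-bit row and 6-bit column fields) follows the CD+G format.

```c
#include <stdint.h>
#include <stdio.h>

/* CD+G display geometry: 300x216 pixels, drawn as 6x12-pixel tiles. */
#define CDG_WIDTH  300
#define CDG_HEIGHT 216
#define TILE_W     6
#define TILE_H     12

static uint8_t screen[CDG_WIDTH * CDG_HEIGHT];  /* one palette index per pixel */

/* Decode the 16 data bytes of a tile-block packet.
 * Returns 0 on success, -1 if the tile would fall outside the screen. */
int decode_tile_block(const uint8_t data[16], int do_xor)
{
    uint8_t color[2] = { data[0] & 0x0f, data[1] & 0x0f };
    unsigned row = data[2] & 0x1f;  /* 5-bit field: 0..31, only 0..17 fit */
    unsigned col = data[3] & 0x3f;  /* 6-bit field: 0..63, only 0..49 fit */
    unsigned x0 = col * TILE_W, y0 = row * TILE_H;

    /* Masking alone still admits offsets past the end of screen[];
     * without this check the writes below index out of bounds. */
    if (x0 + TILE_W > CDG_WIDTH || y0 + TILE_H > CDG_HEIGHT)
        return -1;

    for (unsigned y = 0; y < TILE_H; y++) {
        uint8_t bits = data[4 + y] & 0x3f;  /* 6 pixels, leftmost in bit 5 */
        for (unsigned x = 0; x < TILE_W; x++) {
            uint8_t c = color[(bits >> (TILE_W - 1 - x)) & 1];
            uint8_t *px = &screen[(y0 + y) * CDG_WIDTH + x0 + x];
            *px = do_xor ? (uint8_t)(*px ^ c) : c;
        }
    }
    return 0;
}

/* Bounds-checked read used to inspect the result; -1 if off-screen. */
int pixel_at(unsigned x, unsigned y)
{
    return (x < CDG_WIDTH && y < CDG_HEIGHT) ? screen[y * CDG_WIDTH + x] : -1;
}

/* Constructed sample payloads, not taken from a real media file. */
const uint8_t tile_last[16] = { 1, 2, 17, 49, 0x20 };  /* last valid tile */
const uint8_t tile_bad[16]  = { 1, 2, 31, 63, 0x3f };  /* field maxima */

int main(void)
{
    printf("last tile: %d\n", decode_tile_block(tile_last, 0));
    printf("bad tile:  %d\n", decode_tile_block(tile_bad, 0));
    return 0;
}
```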
Affected
VLC media player versions prior to 1.1.6 on Windows.
References
Severity
Classification
- CVE: CVE-2011-0021
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C