VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux) Network Vulnerability

Summary

The host is installed with VLC Media Player and is prone buffer overflow vulnerability.

Impact

Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious file or visiting a specially crafted web page. Impact Level: Application

Solution

Upgrade to the VLC media player version 1.1.9 or later, For updates refer to http://download.videolan.org/pub/videolan/vlc/

Insight

The flaw is caused by a heap corruption error in the 'MP4_ReadBox_skcr()' [modules/demux/mp4/libmp4.c] function when processing malformed MP4 (MPEG-4 Part 14) data.

Affected

VLC media player version prior to 1.1.9 on Linux

References

http://secunia.com/advisories/44022
http://www.vupen.com/english/advisories/2011/0916
http://xforce.iss.net/xforce/xfdb/66664

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1684

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
Foxit Reader Multiple Buffer Overflow Vulnerabilities
Groovy Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
SlySoft Product(s) Code Execution Vulnerability
Firebird Relational Database CNCT Group Number Buffer Overflow Vulnerability (Win)

Take action and discover your vulnerabilities