VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux)

Summary
VLC Media Player is installed on this host and is prone to multiple stack-based buffer overflow vulnerabilities.
Impact
Successful exploitation allows attackers to execute arbitrary code within the context of the VLC media player by tricking a user into opening a specially crafted file, or to crash the affected application.
Impact Level: Application
Solution
Upgrade to 0.9.6, or apply the available patches from the links below:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d
NOTE: Ignore this warning if the above-mentioned patches are already applied.
Insight
The flaws occur while parsing:
- the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c.
- an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.
Affected
VLC media player 0.5.0 through 0.9.5 on Windows (Any).