VLC Media Player TiVo Demuxer Double Free Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with VLC Media Player and is prone to double free vulnerability.

Impact

Successful exploitation will allow an attacker to crash an affected application and denying service to legitimate users. Impact Level: Application

Solution

Upgrade VLC media player to 1.1.13 or later, For updates refer to http://www.videolan.org/vlc/

Insight

The flaw is due to a double-free error within the 'get_chunk_header()' function in 'modules/demux/ty.c' of the TiVo demuxer when opening a specially crafted TiVo (*.ty) file.

Affected

VLC media player version 0.9.0 to 1.1.12 on Mac OS X

References

http://secunia.com/advisories/47325
http://securitytracker.com/id?1026449
http://www.osvdb.org/77975
http://www.videolan.org/security/sa1108.html
http://xforce.iss.net/xforce/xfdb/71916

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-5231, CVE-2012-0023

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Aast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win)
Apple Safari Multiple Vulnerabilities June-09 (Win) - I
AT-TFTP Server Long Filename BoF Vulnerability
Cogent DataHub Multiple Vulnerabilities
CUPS Multiple Vulnerabilities - Oct08

Take action and discover your vulnerabilities