Summary
This host is installed with VLC Media Player and is prone to Buffer Overflow Vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code by tricking a user into opening a specially crafted TY file or can even crash an affected application.
Impact Level: Application
Solution
Upgrade to Version 0.9.5, or
Apply the available patch from below link,
http://git.videolan.org/?p=vlc.git
a=commitdiff
h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133#patch1
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Insight
The flaw is due to a boundary error while parsing the header of an invalid TY file.
Affected
VLC media player 0.9.0 through 0.9.4 on Linux (Any).
References
Severity
Classification
-
CVE CVE-2008-4654, CVE-2008-4686 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities