Summary
VLC Media Player is installed on this host and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code by tricking a user into opening a specially crafted TY file, or to crash the affected application.
Impact Level: Application
Solution
Upgrade to version 0.9.5, or apply the available patch from the link below:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133#patch1
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to a boundary error while parsing the header of an invalid TY file.
Affected
VLC media player 0.9.0 through 0.9.4 on Linux (Any).
References
Severity
Classification
- CVE: CVE-2008-4654, CVE-2008-4686
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- 7-Zip Unspecified Archive Handling Vulnerability (Win)
- Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)
- Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
- Freeciv Multiple Remote Denial Of Service Vulnerabilities
- Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux)