vlc
Page content
- Author: voroskoi
- Vulnerable: 0.8.6-7
- Unaffected: 0.8.6-8sayshell1
Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user’s system.
- Boundary errors in the “ParseMicroDvd()”, “ParseSSA()”, and “ParseVplayer()” functions when handling subtitles can be exploited to cause stack-based buffer overflows.
- A format string error in the web interface listening on port 8080/tcp (disabled by default) can be exploited via a specially crafted HTTP request with a “Connection” header value containing format specifiers. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
- Bug Tracker URL: http://bugs.frugalware.org/task/2682
CVEs:
- There is no CVE entry for these issues.