Another vulnerability in VLC media player
A vulnerability in VLC media player allows an attacker to write and execute arbitrary code via malformed RealMedia files. The victim would have to download and open a RealMedia file or visit a web site transmitting a specially crafted RealMedia stream.
The security advisory says the problem is caused by a heap overflow in modules\demux\real.c
. An update to Version 0.9.7 should solve the problem. Alternatively, the Real demuxer plugin libreal_plugin.*
can be removed manually from the VLC plugin installation directory.
In view of the large number of critical vulnerabilities discovered in VLC recently, users should perhaps consider an alternative media player. Admittedly, the VLC's network and streaming capabilities make it difficult to replace, but if you do not need these functions and need a media player to just replay films stored on your system, then an alternative player may be more suitable.
See Also:
- VLC media player RealMedia Processing Integer, security advisory by Tobias Kleinz
- Buffer overflow in Real demuxer, security advisory by VLC
(djwm)