Hole in VLC Media Player
According to security service provider Secunia, a vulnerability in the Windows version of the VLC media player can be exploited in order to compromise a system. An attack would require the attacker to get the victim to open a playlist file with an overly long smb:// URI. The cause of the problem is a buffer overflow in the Win32AddConnection function in modules/access/smb.c.
The error was discovered in version 0.9.9 of VLC, but is likely to exist in other versions. The VLC developers have fixed the problem in their Git repository, but describe the problem only as a denial of service vulnerability which crashes the player. Officially, only version 0.9.9 is available as source code and binary for Windows.
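The class of bug described above, shown from the defensive side as an added example (not code from VLC or from the advisory): the server and share parts of an smb:// URI are copied into fixed-size buffers only after a length check, and the formatted result is checked for truncation. The names build_unc_path, copy_component and UNC_MAX, and the sample URI, are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define UNC_MAX 260 /* assumed buffer size, the same value as Windows MAX_PATH */

/* Copy len bytes of src into dst; refuse empty or over-long input rather than truncate. */
static int copy_component(char *dst, size_t dst_len, const char *src, size_t len)
{
    if (len == 0 || len >= dst_len)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Build "\\server\share" from "server/share[/path]" (the text after "smb://").
 * Returns 0 on success, -1 if a component is missing or would not fit. */
int build_unc_path(const char *uri_path, char *out, size_t out_len)
{
    char server[UNC_MAX], share[UNC_MAX];
    const char *slash, *end;

    if (uri_path == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    slash = strchr(uri_path, '/');
    if (slash == NULL || copy_component(server, sizeof server, uri_path, (size_t)(slash - uri_path)) != 0)
        return -1;
    end = strchr(slash + 1, '/');
    if (end == NULL)
        end = slash + 1 + strlen(slash + 1);
    if (copy_component(share, sizeof share, slash + 1, (size_t)(end - (slash + 1))) != 0)
        return -1;
    /* An unbounded sprintf/strcpy here is what overflows a fixed buffer.
     * snprintf stops at out_len and returns the length it needed. */
    int n = snprintf(out, out_len, "\\\\%s\\%s", server, share);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char unc[UNC_MAX];
    /* Constructed sample input, not taken from the advisory. */
    if (build_unc_path("fileserver/media/clip.avi", unc, sizeof unc) == 0)
        puts(unc);
    return 0;
}
```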
See also:
- Fix a segfault (buffer overflow for win32 only), VLC commit.
- VLC Media Player SMB Input Module Buffer Overflow Vulnerability, Secunia advisory.
(djwm)