VLC Media Player susceptible to buffer overflow vulnerability
According to an advisory from security services provider Secunia, the VLC Media Player is susceptible to a vulnerability in the Libmodplug library which it rates as highly critical. Libmodplug, also known as the ModPlug XMMS Plugin, is reportedly prone to a stack-based buffer overflow caused by insufficient validation of user-supplied data. This could be exploited by an attacker, for example, to execute arbitrary code on a user's system. For an attack to be successful, a user must first open a specially crafted S3M media file. Secunia notes that this may only affect the precompiled versions.
The vulnerability is confirmed to affect version 1.1.8 of the VLC Media Player, the latest stable release, on Windows and Mac OS X. Other versions may also be affected. Until a patch or update has been released that corrects the issue, users are advised not to open untrusted *.S3M files. At the time of this posting, the VideoLAN project's Security information page does not list the problem.
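As an added illustration of the interim advice above (not code from Secunia, SEC Consult or VideoLAN), the following Python example identifies S3M files by content rather than by name, so that a download or mail filter can hold them until a fix ships. It relies on the Scream Tracker 3 header layout ("SCRM" signature at offset 0x2C, 16-bit counts at 0x20); the function names, verdict strings and sample bytes are constructed for the example, and it does not detect the specific flaw, whose details the summary above does not give.

```python
import struct

MAGIC_OFF = 0x2C    # "SCRM" signature offset in the Scream Tracker 3 header
HEADER_LEN = 0x60   # fixed header; order list and pointer tables follow


def inspect_s3m(data: bytes):
    """Return None if data is not S3M, else the header counts and a fit check."""
    if len(data) < HEADER_LEN or data[MAGIC_OFF:MAGIC_OFF + 4] != b"SCRM":
        return None
    ordnum, insnum, patnum = struct.unpack_from("<HHH", data, 0x20)
    # Order list is 1 byte per entry; instrument/pattern pointers are 2 bytes each.
    tables_end = HEADER_LEN + ordnum + 2 * (insnum + patnum)
    return {"orders": ordnum, "instruments": insnum, "patterns": patnum,
            "tables_fit": tables_end <= len(data)}


def triage(name: str, data: bytes) -> str:
    """Hypothetical filter verdict for one untrusted file."""
    info = inspect_s3m(data)
    if info is None:
        return "not-s3m"
    if not info["tables_fit"]:
        return "quarantine: header counts exceed file size"
    if not name.lower().endswith(".s3m"):
        return "quarantine: S3M content under another extension"
    return "hold: S3M from untrusted source"


def build_sample(ordnum=4, insnum=2, patnum=1, pad=True) -> bytes:
    """Constructed S3M header for the demonstration (no real song data)."""
    hdr = bytearray(HEADER_LEN)
    hdr[0:11] = b"constructed"
    hdr[0x1C] = 0x1A
    hdr[0x1D] = 16
    struct.pack_into("<HHH", hdr, 0x20, ordnum, insnum, patnum)
    hdr[MAGIC_OFF:MAGIC_OFF + 4] = b"SCRM"
    body = bytes(ordnum + 2 * (insnum + patnum)) if pad else b""
    return bytes(hdr) + body


if __name__ == "__main__":
    for name, blob in [("song.s3m", build_sample()),
                       ("clip.mp3", build_sample()),
                       ("odd.s3m", build_sample(ordnum=0xFFFF, pad=False)),
                       ("notes.txt", b"plain text")]:
        print(name, "->", triage(name, blob))
```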
- Libmodplug ReadS3M Stack Overflow, security advisory from SEC Consult.
- VLC Media Player 1.1.8 updates UI elements on Mac, a report from The H.