In association with heise online

04 May 2011, 12:07

VLC Media Player vulnerable to buffer overflow exploits


According to an advisory from security services provider Secunia, the VLC Media Player is at risk from multiple vulnerabilities in the Libmodplug library, which Secunia rates as "highly critical". The flaws were first reported by a user with the pseudonym "epiphant"; Libmodplug, also known as the ModPlug XMMS Plugin, is said to be prone to stack-based buffer overflows caused by "boundary errors within the 'abc_new_macro()' and 'abc_new_umacro()' functions in src/load_abc.cpp".

This could be exploited by an attacker to execute arbitrary code on a victim's system. For an attack to be successful, a user must first open a specially crafted malicious media file. Secunia notes that this may, however, only affect precompiled versions of VLC.

The vulnerabilities have been confirmed to affect the latest 1.1.9 release of VLC for Windows. Other versions may also be affected. Until a patch or update has been released to fix the bug, users are advised not to open untrusted files.


(crve)

Permalink: http://h-online.com/-1237404
 

