VLC Media Player chokes on music files
Specially crafted WAV files can trigger a buffer overflow on the heap in VLC Media Player. This could be exploited by attackers to inject and execute code, prompting Secunia, which discovered the vulnerability, to class it as highly critical. The Windows version of VLC Media Player 0.8.6h and possibly earlier versions are affected. Version 0.8.6i is reported to fix the bug. Although the changelog for this version is already available, the download page is still offering the vulnerable version 0.8.6h.
See also:
- VLC Media Player WAV Processing Integer Overflow, security alert from Secunia
(trk)