In association with heise online

08 April 2011, 10:05

VLC Media Player susceptible to buffer overflow vulnerability


According to an advisory from security services provider Secunia, the VLC Media Player is susceptible to a vulnerability in the Libmodplug library, which it rates as highly critical. Libmodplug, also known as the ModPlug XMMS Plugin, is reportedly prone to a stack-based buffer overflow issue caused by insufficient validation of user-supplied data. This could be exploited by an attacker, for example, to execute arbitrary code on a user's system. For an attack to be successful, a user must first open a specially crafted S3M media file. Secunia notes that this may only affect the precompiled versions.

The vulnerability is confirmed to affect version 1.1.8 of the VLC Media Player, the latest stable release, on Windows and Mac OS X. Other versions may also be affected. Until a patch or update has been released that corrects the issue, users are advised not to open untrusted *.S3M files. At the time of this posting, the VideoLAN project's Security information page does not list the problem.
