In association with heise online

18 August 2008, 12:29

VLC Media Player trips up on True Audio

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The open source VideoLAN project's VLC multimedia player contains a critical security vulnerability. Crafted True Audio files can trigger an integer overflow, allowing arbitrary data to be overwritten on the heap.

The anonymous discoverer of the vulnerability, known only as "g_", gives the proviso that an attacker would have little control over what exactly would get written to the heap. It is therefore unclear whether the problem can actually be exploited. According to the advisory, the current version, VLC 0.8.6i, is affected. In a quick test carried out by heise Security, VLC promptly crashed on opening the demo file provided.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit