VLC Media Player trips up on True Audio
The open source VideoLAN project's VLC multimedia player contains a critical security vulnerability. Crafted True Audio files can trigger an integer overflow, allowing arbitrary data to be overwritten on the heap.
The anonymous discoverer of the vulnerability, known only as "g_", gives the proviso that an attacker would have little control over what exactly would get written to the heap. It is therefore unclear whether the problem can actually be exploited. According to the advisory, the current version, VLC 0.8.6i, is affected. In a quick test carried out by heise Security, VLC promptly crashed on opening the demo file provided.
See also:
- Orange Bat advisory, security advisory by the discoverer of the vulnerability.
- A Heap Of Risk, background article on heap overflows by FX
(djwm)