Signature Detail
Short Name |
HTTP:STC:DL:VLC-XSPF-MC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
VideoLAN VLC Media Player XSPF Playlist Integer Overflow Memory Corruption |
Release Date |
2011/06/15 |
Update Number |
1939 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: VideoLAN VLC Media Player XSPF Playlist Integer Overflow Memory Corruption
This signature detects attempts to exploit a known memory corruption vulnerability in VideoLAN VLC Media Player. It is due to an integer-overflow error in the XSPF playlist file parser. An attacker can entice the target user to open a crafted XSPF file to exploit this. A successful attack can lead to arbitrary code execution within the context of the application.
Extended Description
VLC media player is prone to a memory-corruption vulnerability because of an integer-overflow error in the XSPF playlist file parser. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions prior to VLC Media Player 1.1.10 are vulnerable.
Affected Products
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Armel
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Debian Linux 6.0
- Pardus Linux 2009
- Pardus Linux 2011
- VideoLAN VLC media player 0.8.5
- VideoLAN VLC media player 0.8.6
- VideoLAN VLC media player 0.8.6A
- VideoLAN VLC media player 0.8.6B
- VideoLAN VLC media player 0.8.6C
- VideoLAN VLC media player 0.8.6D
- VideoLAN VLC media player 0.8.6E
- VideoLAN VLC media player 0.8.6F
- VideoLAN VLC media player 0.8.6G
- VideoLAN VLC media player 0.8.6H
- VideoLAN VLC media player 0.8.6I
- VideoLAN VLC media player 0.9.0
- VideoLAN VLC media player 0.9.1
- VideoLAN VLC media player 0.9.10
- VideoLAN VLC media player 0.9.2
- VideoLAN VLC media player 0.9.3
- VideoLAN VLC media player 0.9.4
- VideoLAN VLC media player 0.9.5
- VideoLAN VLC media player 0.9.6
- VideoLAN VLC media player 0.9.7
- VideoLAN VLC media player 0.9.8A
- VideoLAN VLC media player 0.9.9
- VideoLAN VLC media player 1.0.0
- VideoLAN VLC media player 1.0.1
- VideoLAN VLC media player 1.0.2
- VideoLAN VLC media player 1.0.3
- VideoLAN VLC media player 1.0.4
- VideoLAN VLC media player 1.0.5
- VideoLAN VLC media player 1.0.6
- VideoLAN VLC media player 1.1.0
- VideoLAN VLC media player 1.1.0
- VideoLAN VLC media player 1.1.1
- VideoLAN VLC media player 1.1.1
- VideoLAN VLC media player 1.1.2
- VideoLAN VLC media player 1.1.2
- VideoLAN VLC media player 1.1.3
- VideoLAN VLC media player 1.1.3
- VideoLAN VLC media player 1.1.4
- VideoLAN VLC media player 1.1.4
- VideoLAN VLC media player 1.1.5
- VideoLAN VLC media player 1.1.6
- VideoLAN VLC media player 1.1.6.1
- VideoLAN VLC media player 1.1.7
- VideoLAN VLC media player 1.1.8
- VideoLAN VLC media player 1.1.9
References
- BugTraq: 48171
- URL: http://www.videolan.org/security/sa1104.html
- URL: http://www.videolan.org/