VLC Media Player "get_chunk_header()" Double-Free Vulnerability
Release date: 2011-12-21
Updated on: 2011-12-22
Affected Systems:
VideoLAN VLC Media Player 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51147
VLC Media Player is a multimedia player, also known as VideoLAN Client.
The "get_chunk_header()" function (modules/demux/ty.c) contains a double-free vulnerability in its implementation. An attacker who entices a user to open a specially crafted TiVo (*.ty) file can corrupt memory.
<* Source: Clement Lecigne
Link: http://www.videolan.org/security/sa1108.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VideoLAN
--------
VideoLAN has released a security bulletin (sa1108) and corresponding patches for this issue:
sa1108: Buffer overflow in VLC TiVo demuxer
Link: http://www.videolan.org/security/sa1108.html