|
|
Log in / Subscribe / Register

vlc: arbitrary code execution

Package(s):vlc CVE #(s):
Created:April 12, 2011 Updated:April 13, 2011
Description: From the Debian advisory:

Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player.

Alerts:
Debian DSA-2218-1 vlc 2011-04-12
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds