Summary : Buffer overflows in multiple modules Date : 13 April 2008 Affected versions : VLC media player 0.8.6e and earlier ID : VideoLAN-SA-0803 CVE reference : CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769
VLC media player's following modules suffer from arbitrary memory overwrite vulnerabilities when using specially crafted (invalid) input streams / files: Real RTSP and Real media demuxers, MP4 demuxer, Cinepak decoder.
If successful, a malicious third party could trigger the execution of arbitrary code within the context of the running instance or terminate the application unexpectedly.
Exploitation of the MP4 / Real Media demuxer or the Cinepak decoder issues requires the user to explicitly open specially crafted files or streams.
Exploitation of the Real RTSP problems requires the user to explicitly open streams provided by malicious third parties.
The user is asked to open Real RTSP / Real Media streams and MP4 files as well as files containing Cinepak video streams from trusted content providers only. In case of uncertainess, it is recommended not to open this kind of streams or files. RTSP streams can easily be identified by the
rtsp prefix of their URL/MRL, while the MP4 container file type is recognizable by the
mp4 suffix. Cinepak encoded video streams are usually found in MOV and MP4 container files only, which may be perceived by their
mov suffixes. Real Media files usually include
VLC media player 0.8.6f addresses these issues and introduces further usability fixes.
Pre-compiled packages are available at the usual download locations.
The Real RTSP demuxer, Real media demuxer, MP4 demuxer and Cinepak codec vulnerabilities were discovered by Drew Yao of Apple Product Security.