Summary : Clam AntiVirus input validation error Date : February 2010 Affected versions : VLC media player 1.0.5 for Windows Clam AntiVirus all versions ID : VideoLAN-SA-1001 CVE reference : N/A
Clam AntiVirus incorrectly claims that the x86 SSE2-accelerated I:4:2:2 chroma conversion plugin as being a computer trojan. This affects builds of VLC media player with recent versions of the MingW compilation toolchain.
Copy, installation and/or use of VLC media player or applications based on LibVLC may be impossible.
This issue only affects users of Clam AntiVirus or anti-virus software using the same virus database.
Remove Clam AntiVirus before downloading VLC media player.
An anti-virus database has to be up-to-date to be of much use. Around 20% of tested antivirus incorrectly detected as VLC 1.0.5 as a trojan at the time of release. Kaspersky Anti-Virus was updated within one business day. The VideoLAN project advises against the use of Clam AntiVirus. Users should not rely on a security software which fails to be updated within a full month period (to date).
This vulnerability was reported by many different people individiually.