VideoLAN association
A project and a non-profit organization, composed of volunteers, developing and promoting free, open-source multimedia solutions.
Facebook
Twitter

Security Advisory 1105

Summary           : Heap overflow in RealMedia demuxer
Date              : 12 July 2011
Affected versions : VLC media player 1.1.10 down to 1.1.0
ID                : VideoLAN-SA-1105
CVE references    : CVE-2011-2587

Details

VLC media player suffers from a heap overflow vulnerability in the Real Media file parser.

Impact

If successful, a malicious third party could crash the player instance. Arbitrary code execution within the context of VLC media player might be possible, though it was unconfirmed.

Threat mitigation

Exploitation of those bugs requires the user to explicitly open specifically crafted malicious files.

Workarounds

The user may refrain from opening files from untrusted sources.

Alternatively, the RealMedia plugin (demux/libreal_plugin.*) can be removed. This will however prevent use of any of Real Media files.

Solution

VLC media player 1.1.11 addresses this issue and introduces further stability fixes. A source code patch is also available as an alternative.

Credits

This vulnerability was discovered by Hossein Lotfi and reported via Secunia.

References

The VideoLAN Project
http://www.videolan.org/
Source code patch
git commit 1bce40644cddee93b4b1877a94a6ce345f32852c
Secunia
http://www.secunia.com/

History

15 July 2011
VLC 1.1.11 released
12 July 2011
Initial advisory
10 July 2011
Issue resolved privately
08 July 2011
CVE identifier assigned
07 June 2011
Bug reported
Rémi Denis-Courmont,
on behalf of the VideoLAN project