• IDP Daily Update #1203
  posted: 07/02/08
  
• NSM Daily Update #1203
  posted: 07/02/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1203
  posted: 07/02/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1201
  posted: 07/02/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 07/01/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability

Severity: HIGH

Description:

VLC is a cross-platform media player that can be used to serve streaming data.

VLC is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue stems from an integer-overflow vulnerability occurring in the MP4 demuxer.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.8.6f are vulnerable.

Affected Products:

• Debian Linux 4.0
• Debian Linux 4.0 alpha
• Debian Linux 4.0 amd64
• Debian Linux 4.0 arm
• Debian Linux 4.0 hppa
• Debian Linux 4.0 ia-32
• Debian Linux 4.0 ia-64
• Debian Linux 4.0 m68k
• Debian Linux 4.0 mips
• Debian Linux 4.0 mipsel
• Debian Linux 4.0 powerpc
• Debian Linux 4.0 s/390
• Debian Linux 4.0 sparc
• Gentoo Linux
• VideoLAN VLC media player 0.8.6
• VideoLAN VLC media player 0.8.6a
• VideoLAN VLC media player 0.8.6b
• VideoLAN VLC media player 0.8.6c
• VideoLAN VLC media player 0.8.6d
• VideoLAN VLC media player 0.8.6e

References:

• VideoLAN: VLC Homepage
• VideoLan: VLC Release Notes
• VideoLan: VideoLan Security Advisory 0803