VLC Media Player format string vulnerability

Overview

VLC contains a format string vulnerability that may allow an attacker to execute code.

Description

VideoLAN (VLC) is a streaming media player that runs on multiple platforms.

From VideoLAN Security Advisory 0702:

_VLC media player Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio) and SAP (Service Announce Protocol) plugins are prone to a C-style format string vulnerability when trying to parse a media data stream.

Valid but carefully crafted .ogg (Vorbis) or .ogm (Theora) files, CDDB entries or SAP/SDP messages can trigger the bug. We therefore consider this bug to have a high severity._

Note that VLC distributes a plugin for Mozilla-based browsers. If the VLC browser plugin is used, an attacker may be able to exploit this vulnerability by convincing a user to go to a webpage.

---

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running VLC.

---

Solution

Upgrade
VLC media player 0.8.6c has been released to address this issue.

---

Disable the affected components

Disabling the affected VLC plugins and components may mitigate this vulnerability. See the workarounds section of VideoLAN Security Advisory 0702 for more details.

---

Vendor Information

200928

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

VideoLAN __ Affected

Updated: July 23, 2007

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.videolan.org/sa0702.html&gt; for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23200928 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.videolan.org/sa0702.html&gt;
• <http://www.tech-faq.com/format-string-vulnerability.shtml&gt;
• <http://www.securityfocus.com/bid/24555&gt;
• <http://www.frsirt.com/english/advisories/2007/2262&gt;
• <http://secunia.com/advisories/25753&gt;
• <http://www.isecpartners.com/advisories/2007-001-vlc.txt&gt;

Acknowledgements

Thanks to the VLC team for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

CVE IDs:	CVE-2007-3316
Severity Metric:	8.82 Date Public: