vlc -- arbitrary pointer dereference vulnerability

2015-08-20T00:00:00
ID A0A4E24C-4760-11E5-9391-3C970E169BC2
Type freebsd
Reporter FreeBSD
Modified 2015-08-20T00:00:00

Description

oCERT reports:

The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser; insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafted to trigger the vulnerability. Credit: vulnerability reported by Loren Maggiore of Trail of Bits.