VLC Media Player Demuxer Denial-of-Service Vulnerability

Cause of Vulnerability
Input validation error
Severity

Affected Systems
VideoLAN VLC media player 1.1.9
VideoLAN VLC media player 1.1.8
VideoLAN VLC media player 1.1.7
VideoLAN VLC media player 1.1.6 1
VideoLAN VLC media player 1.1.4
VideoLAN VLC media player 1.1.3
VideoLAN VLC media player 1.1.2
VideoLAN VLC media player 1.1.1
VideoLAN VLC media player 1.1
VideoLAN VLC media player 1.0.6
VideoLAN VLC media player 1.0.5
VideoLAN VLC media player 1.0.3
VideoLAN VLC media player 1.0.2
VideoLAN VLC media player 1.0.1
VideoLAN VLC media player 1.0
VideoLAN VLC media player 0.9.9
VideoLAN VLC media player 0.9.7
VideoLAN VLC media player 0.9.6
VideoLAN VLC media player 0.9.5
VideoLAN VLC media player 0.9.4
VideoLAN VLC media player 0.9.3
VideoLAN VLC media player 0.9.2
VideoLAN VLC media player 0.9.1
VideoLAN VLC media player 0.9
VideoLAN VLC media player 0.8.6 i
VideoLAN VLC media player 0.8.6 h
VideoLAN VLC media player 0.8.6 g
VideoLAN VLC media player 0.8.6 d
VideoLAN VLC media player 0.8.6
+ Debian Linux 4.0 sparc
+ Debian Linux 4.0 s/390
+ Debian Linux 4.0 powerpc
+ Debian Linux 4.0 mipsel
+ Debian Linux 4.0 mips
+ Debian Linux 4.0 m68k
+ Debian Linux 4.0 ia-64
+ Debian Linux 4.0 ia-32
+ Debian Linux 4.0 hppa
+ Debian Linux 4.0 arm
+ Debian Linux 4.0 amd64
+ Debian Linux 4.0 alpha
+ Debian Linux 4.0
VideoLAN VLC media player 0.6.8
VideoLAN VLC media player 0.5
VideoLAN VLC media player 1.1.6
VideoLAN VLC media player 1.1.5
VideoLAN VLC media player 1.1.3
VideoLAN VLC media player 1.1.2
VideoLAN VLC media player 1.1.11
VideoLAN VLC media player 1.1.10
VideoLAN VLC media player 1.1.1
VideoLAN VLC media player 1.1.0
VideoLAN VLC media player 1.0.4
VideoLAN VLC media player 0.9.8a
VideoLAN VLC media player 0.8.6f
VideoLAN VLC media player 0.8.6e
VideoLAN VLC media player 0.8.6c
VideoLAN VLC media player 0.8.6b
VideoLAN VLC media player 0.8.6a

Unaffected Systems
VideoLAN VLC media player 1.1.12

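Impact
A remote attacker can exploit this vulnerability to crash the application, or possibly execute arbitrary code in the context of the application.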

Conditions Required for Attack
The HTTP web interface, HTTP output, RTSP output, or RTSP VoD feature must be enabled.

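Vulnerability Information
VLC Media Player is a popular multimedia player.
The VLC Media Player AVI demuxer contains an integer overflow, and the HTTP and RTSP server components contain a NULL pointer dereference, which can cause VLC media player to crash. Successful exploitation requires the user to have enabled the HTTP web interface, HTTP output, RTSP output, or RTSP VoD feature.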

Test Method

Vendor Solution
VideoLAN VLC media player 1.1.12 fixes this vulnerability; users are advised to download and use it:
http://www.videolan.org/

Vulnerability Reported By
Jouni Knuutinen and Antti Kiuru
