VLC Media Player TiVo Demuxer Remote Heap Buffer Overflow Vulnerability

Cause
Boundary condition error
Severity

Affected systems
VideoLAN VLC media player 1.1.12
VideoLAN VLC media player 1.1.9
VideoLAN VLC media player 1.1.8
VideoLAN VLC media player 1.1.7
VideoLAN VLC media player 1.1.6 1
VideoLAN VLC media player 1.1.4
VideoLAN VLC media player 1.1.3
VideoLAN VLC media player 1.1.2
VideoLAN VLC media player 1.1.1
VideoLAN VLC media player 1.1
VideoLAN VLC media player 1.0.6
VideoLAN VLC media player 1.0.5
VideoLAN VLC media player 1.0.3
VideoLAN VLC media player 1.0.2
VideoLAN VLC media player 1.0.1
VideoLAN VLC media player 1.0
VideoLAN VLC media player 0.9.9
VideoLAN VLC media player 0.9.7
VideoLAN VLC media player 0.9.6
VideoLAN VLC media player 0.9.5
VideoLAN VLC media player 0.9.4
VideoLAN VLC media player 0.9.3
VideoLAN VLC media player 0.9.2
VideoLAN VLC media player 0.9.1
VideoLAN VLC media player 0.9
VideoLAN VLC media player 1.1.6
VideoLAN VLC media player 1.1.5
VideoLAN VLC media player 1.1.11
VideoLAN VLC media player 1.1.10
VideoLAN VLC media player 1.1.0
VideoLAN VLC media player 1.0.4
VideoLAN VLC media player 0.9.8a

Unaffected systems
VideoLAN VLC media player 1.1.13

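Impact
A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the application.

Attack requirements
The attacker must craft a malicious file and entice a user to open it.

Vulnerability information
VLC Media Player is a popular multimedia player.
Heap corruption can occur when the header field data of a malformed TY file is parsed. A malicious third party that successfully exploits the vulnerability can crash the VLC media player process and may be able to execute arbitrary code in the context of the application.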

Test method

Vendor solution
VideoLAN VLC media player 1.1.13 fixes this vulnerability; users are advised to download and use it:
http://www.videolan.org/

Credit
Clement Lecigne
