DSA-2218-1 vlc -- heap-based buffer overflowID: oval:org.secpod.oval:def:600234 | Date: (C)2011-04-19 (M)2023-11-09 |
Class: PATCH | Family: unix |
Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player. The oldstable distribution is not affected by this problem.