PROBLEM:
VLC Media Player Buffer Overflow in HTML Subtitle Parser Lets Remote Users Execute Arbitrary Code
PLATFORM:
VLC Media Player 2.0.4, possibly earlier versions
ABSTRACT:
Some vulnerabilities have been reported in VLC Media Player.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027929
Secunia Advisory SA51692
IMPACT ASSESSMENT:
Medium
DISCUSSION:
Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by errors when parsing HTML subtitles in modules/codec/subsdec.c and can be exploited to cause buffer overflows via a specially crafted subtitle file.
IMPACT:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.