HTTP VLC Tivo Decoder BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a stack-based buffer overflow vulnerability in VLC Media Player.

Additional Information

VLC is a cross-platform media player.

VLC is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. This issue occurs in the 'parse_master()' function of the 'modules/demux/Ty.c' source file when parsing malformed TY files. Specifically, if an attacker passes more than 32 bytes of data to the 'uint8_t mst_buf' array, a stack-based buffer overflow will occur.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player versions 0.9.0 up to and including 0.9.4 are vulnerable.
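To make the flaw concrete from the defender's side, the following is an added C illustration, not VLC's own code: a simplified model of a parser that, like the description of 'parse_master()' above, stages a 32-byte header and then each table entry through a 32-byte stack array, together with the bounds check such a parser needs before copying a file-declared length into that array. The chunk layout (a little-endian entry size at bytes 20..23 and entry count at bytes 28..31, followed by entries of 8 + size bytes), the function names and the constructed sample chunks are assumptions of the example.

```c
/* Added illustration, not VLC's code. Models a TY-style master chunk parser
 * that stages data through a fixed 32-byte stack buffer and shows the
 * length validation that keeps a file-controlled size inside that buffer.
 * Layout assumed for the example: 32-byte header, bytes 20..23 = entry
 * "map size" (LE), bytes 28..31 = entry count (LE), then entries of
 * (8 + map size) bytes each. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MST_BUF_SIZE 32u

/* Minimal in-memory stream standing in for a demuxer's stream read. */
typedef struct { const uint8_t *data; size_t len; size_t pos; } mem_stream_t;

static int stream_read(mem_stream_t *s, uint8_t *dst, size_t n)
{
    if (n > s->len - s->pos) return -1;   /* short read: truncated input */
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

static uint32_t u32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_u32_le(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Returns the number of entries parsed, or -1 on malformed input.
 * The vulnerable pattern reads 8 + map_size bytes into mst_buf with no
 * check, so a file-declared size above 24 writes past the 32-byte array. */
int parse_master_checked(const uint8_t *file, size_t file_len)
{
    mem_stream_t s = { file, file_len, 0 };
    uint8_t mst_buf[MST_BUF_SIZE];
    uint32_t map_size, num_entries, i;

    if (stream_read(&s, mst_buf, MST_BUF_SIZE) != 0) return -1;
    map_size    = u32_le(&mst_buf[20]);
    num_entries = u32_le(&mst_buf[28]);

    /* Hardening: the declared entry size comes from the file; refuse any
     * value that would not fit in the staging buffer. */
    if (map_size > MST_BUF_SIZE - 8) return -1;
    /* Bound the entry count by what the file can actually hold, so a huge
     * count cannot become a long loop of failing reads. */
    if ((file_len - MST_BUF_SIZE) / (8 + (size_t)map_size) < num_entries) return -1;

    for (i = 0; i < num_entries; i++) {
        if (stream_read(&s, mst_buf, 8 + map_size) != 0) return -1;
        /* Entry contents would be decoded here; only the bounds matter. */
    }
    return (int)num_entries;
}

/* Build a constructed master chunk (not a real TY file) for the demos. */
size_t build_chunk(uint8_t *out, size_t cap, uint32_t map_size, uint32_t entries)
{
    size_t need = MST_BUF_SIZE + (size_t)entries * (8 + (size_t)map_size);
    if (need > cap) return 0;
    memset(out, 0, need);
    put_u32_le(&out[20], map_size);
    put_u32_le(&out[28], entries);
    return need;
}

/* Well-formed chunk: 3 entries of 4-byte maps -> parser returns 3. */
int demo_valid_chunk(void)
{
    uint8_t buf[256];
    size_t n = build_chunk(buf, sizeof buf, 4, 3);
    return n ? parse_master_checked(buf, n) : -2;
}

/* Oversized declared map (100 bytes) must be rejected -> -1. */
int demo_oversized_map(void)
{
    uint8_t buf[256];
    size_t n = build_chunk(buf, sizeof buf, 100, 1);
    return n ? parse_master_checked(buf, n) : -2;
}

/* Chunk cut one byte short of its declared entries -> -1. */
int demo_truncated_chunk(void)
{
    uint8_t buf[256];
    size_t n = build_chunk(buf, sizeof buf, 4, 3);
    return n ? parse_master_checked(buf, n - 1) : -2;
}

int main(void)
{
    printf("valid: %d, oversized: %d, truncated: %d\n",
           demo_valid_chunk(), demo_oversized_map(), demo_truncated_chunk());
    return 0;
}
```

The point of the check is that both the entry size and the entry count are read from the file and therefore untrusted; the parser must compare them against the fixed buffer and against the bytes actually available before any copy, and a detection signature for this class of file is essentially looking for the same mismatch between the declared size and what 32 bytes can hold.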

Response

Fixes are available in the VLC source code repositories. Please see the references for more information.

Reportedly, the issue will also be fixed in the upcoming release of VLC media player 0.9.5.
