Attack: VLC Media Player S3M

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer-overflow vulnerability in VLC Media Player, which may result in remote code execution.

Additional Information

The libmodplug library allows various media players to play multiple
media formats.

The library is prone to a stack-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied data before
copying it into an insufficiently sized buffer. Specifically, this issue
occurs due to an error in the 'ReadS3M()' function of the 'load_s3m.cpp'
source file when processing a specially crafted 'S3M' media file.

An attacker could exploit this issue to execute arbitrary code in the
context of the affected application. Failed exploit attempts will likely
result in denial-of-service conditions.

Affected

  • VLC Media Player

Response

Updates are available. Please see the references for more information.