1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: VLC Media Player RealText Subtitle CVE-2008-5036

Web Attack: VLC Media Player RealText Subtitle CVE-2008-5036

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a stack-based buffer-overflow vulnerability in the VLC media player.

Additional Information

VLC is a cross-platform media player.

VLC is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input. The following issues have been disclosed:

1. A buffer-overflow vulnerability affects RealText subtitle file processing. This error occurs in the 'modules\demux\subtitle.c' source file. User-supplied data from a malicious subtitle file can be copied into static buffers without proper validation, causing a stack-based buffer overflow. Note that the vulnerable application may automatically load applicable subtitle files when video content is opened.

2. A stack-based buffer-overflow vulnerability affects CUE image file processing. This error occurs in the 'modules\access\vcd\cdrom.c' source file. Data supplied by the CUE file is used as an array index without proper validation.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.9.6 are vulnerable.

Response

The vendor has released an updated version; please see the references for more information.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube