VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow

Added: 05/26/2011
CVE: CVE-2011-1574
OSVDB: 72143

Background

VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

VLC media player is vulnerable to a stack buffer overflow because the ReadS3M() function in libmodplug fails to properly sanitize user-supplied input. A remote attack who entices a user to open a specially crafted file in the vulnerable VLC media player could potentially execute arbitrary code.

Resolution

Upgrade to VLC 1.1.9 or higher.

References

http://secunia.com/advisories/44054/

Limitations

Exploit runs on VideoLAN VLC media player 1.1.8.

Platforms

Windows

Back to exploit index