Vigil@nce - VLC: buffer overflow of MPEG-4
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow in the MPEG-4 player of
VLC, in order to trigger a denial of service, and possibly to run
code.
Impacted products: VLC.
Severity: 2/4.
Creation date: 29/01/2016.
DESCRIPTION OF THE VULNERABILITY
The VLC product manages the MPEG-4 format.
An MPEG-4 file may include an H.264 video which may include a
section of type "Sample Table and Sample Description". However, if
the size of data is greater than the size of the storage array, an
overflow occurs.
An attacker can therefore generate a buffer overflow in the MPEG-4
player of VLC, in order to trigger a denial of service, and
possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/VLC-buffer-overflow-of-MPEG-4-18841