Vigil@nce - VLC: denial of service via ID3v2
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious MP3
document, in order to stop VLC.
Severity: 1/4
Creation date: 12/08/2010
DESCRIPTION OF THE VULNERABILITY
The VLC program displays multimedia documents.
The ID3 protocol is used to add information (author, singer, etc.)
to an MP3 audio document.
The ReadMetaFromId3v2() function of the VLC/modules/meta_engine/taglib.cpp
file reads ID3 version fields. However, this function does not
correctly manage error cases and dereferences a NULL pointer.
An attacker can therefore invite the victim to open a malicious
MP3 document, in order to stop VLC.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/VLC-denial-of-service-via-ID3v2-9844