Vigil@nce: VLC, integer overflow of RealMedia
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious RealMedia
file with VLC, in order to execute code on his computer.
– Severity: 2/4
– Creation date: 03/01/2011
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The VideoLAN VLC program displays multimedia documents.
The libreal_plugin plugin opens documents in the RealMedia (.rm)
format.
The DemuxAudioMethod1() function of the modules/demux/real.c file
does not check a value from the RealMedia header, and uses it as a
counter which overflows.
An attacker can therefore invite the victim to open a malicious
RealMedia file with VLC, in order to execute code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/VLC-integer-overflow-of-RealMedia-10244