Summary : Buffer overflows in multiple modules
Date : 13 April 2008
Affected versions : VLC media player 0.8.6e and earlier
ID : VideoLAN-SA-0803
CVE reference : CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769
Details
VLC media player's following modules suffer from arbitrary memory overwrite vulnerabilities when using specially crafted (invalid) input streams / files:
Real RTSP and Real media demuxers, MP4 demuxer, Cinepak decoder.
Impact
If successful, a malicious third party could trigger the execution of arbitrary code within the context of the running instance or terminate the application unexpectedly.
Threat mitigation
Exploitation of the MP4 / Real Media demuxer or the Cinepak decoder issues requires the user to explicitly open specially crafted files or streams.
Exploitation of the Real RTSP problems requires the user to explicitly open streams provided by malicious third parties.
Workarounds
The user is asked to open Real RTSP / Real Media streams and MP4 files as well as files containing Cinepak video streams from trusted content providers only. In case of uncertainess, it is recommended not to open this kind of streams or files. RTSP streams can easily be identified by the rtsp prefix of their URL/MRL, while the MP4 container file type is recognizable by the mp4 suffix. Cinepak encoded video streams are usually found in MOV and MP4 container files only, which may be perceived by their mp4 and mov suffixes. Real Media files usually include ram, ra or rm suffixes.
Solution
VLC media player 0.8.6f addresses these issues and introduces further
usability fixes.
Pre-compiled packages are available at the usual download locations.
Credits
The Real RTSP demuxer, Real media demuxer, MP4 demuxer and Cinepak codec vulnerabilities were discovered by Drew Yao of Apple Product Security.
