Security Advisory 1104

Summary           : Integer overflow in XSPF playlist parser
Date              : 07 June 2011
Affected versions : VLC media player 1.1.9 down to 0.8.5
ID                : VideoLAN-SA-1104
CVE references    : CVE-2011-2194

Details

VLC media player suffers from an integer overflow vulnerability in the XSPF playlist file parser.

Impact

If successful, a malicious third party could crash the player instance. Arbitrary code execution within the context of VLC media player might be possible, though it seems impractical.

Threat mitigation

Exploitation of those bugs requires the user to explicitly open specifically crafted malicious files.

Workarounds

The user may refrain from opening files from untrusted sources.

Alternatively, the playlist plugin (demux/libplaylist_plugin.*) can be removed. This will however prevent use of any of all supported playlist file formats.

Solution

VLC media player 1.1.10 addresses this issue and introduces further stability fixes.

Credits

This vulnerability was reported by Rocco Calvi from stratsec on the VLC bug tracker.

References

The VideoLAN Project: http://www.videolan.org/
stratsec: http://www.stratsec.net/

History

08 June 2011: CVE identifer assigned
07 June 2011: Initial advisory
06 June 2011: VLC 1.1.10 released
04 June 2011: Bug fixed
03 June 2011: Bug reported

Rémi Denis-Courmont,
on behalf of the VideoLAN project