Summary : Heap overflow in RealMedia demuxer
Date : 12 July 2011
Affected versions : VLC media player 1.1.10 down to 1.1.0
ID : VideoLAN-SA-1105
CVE references : CVE-2011-2587
Details
VLC media player suffers from a heap overflow vulnerability
in the Real Media file parser.
Impact
If successful, a malicious third party could crash the player instance.
Arbitrary code execution within the context of VLC media player might be
possible, though it was unconfirmed.
Threat mitigation
Exploitation of those bugs requires the user to explicitly open specifically
crafted malicious files.
Workarounds
The user may refrain from opening files from untrusted sources.
Alternatively, the RealMedia plugin (demux/libreal_plugin.*) can be removed.
This will however prevent use of any of Real Media files.
Solution
VLC media player 1.1.11 addresses this issue
and introduces further stability fixes.
A source code patch is also available as an alternative.
Credits
This vulnerability was discovered by Hossein Lotfi
and reported via Secunia.
