vlc
Page content
- Author: Miklos Vajna
- Vulnerable: 0.9.1-1
- Unaffected: 0.9.4-1solaria1
A vulnerability has been reported by VLC Media Player, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a signedness error within the “parse_track_node()” function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative “identifier” attribute. Successful exploitation may allow execution of arbitrary code.
- Bug Tracker URL: http://bugs.frugalware.org/task/3408