• IDP Daily Update #1164
  posted: 05/09/08
  
• NSM Daily Update #1164
  posted: 05/09/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1164
  posted: 05/09/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1155
  posted: 05/09/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 05/09/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: VLC Media Player Cinepak Codec Buffer Overflow Vulnerability

Severity: HIGH

Description:

VLC is a cross-platform media player that can be used to serve streaming data.

VLC is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The issue stems from an integer overflow within the Cinepak decoder. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted MP4 or MOV file or stream.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6e is vulnerable; other versions may also be affected.

Affected Products:

• Debian Linux 4.0
• Debian Linux 4.0 alpha
• Debian Linux 4.0 amd64
• Debian Linux 4.0 arm
• Debian Linux 4.0 hppa
• Debian Linux 4.0 ia-32
• Debian Linux 4.0 ia-64
• Debian Linux 4.0 m68k
• Debian Linux 4.0 mips
• Debian Linux 4.0 mipsel
• Debian Linux 4.0 powerpc
• Debian Linux 4.0 s/390
• Debian Linux 4.0 sparc
• Gentoo Linux
• VideoLAN VLC media player 0.8.6
• VideoLAN VLC media player 0.8.6a
• VideoLAN VLC media player 0.8.6b
• VideoLAN VLC media player 0.8.6c
• VideoLAN VLC media player 0.8.6d
• VideoLAN VLC media player 0.8.6e

References:

• VideoLAN: VLC Homepage
• VideoLan: VideoLan Security Advisory 0803