HTTP: VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow

A code execution vulnerability exists in VLC Media Player. The vulnerability is due to insufficient input validation in the StripTags() function when processing strings that contain an opening "<" without the terminating ">". An attacker can exploit this vulnerability by enticing a user to open a specially crafted Matroska file with an affected version of VLC Media Player. In attack scenarios where code execution is successful, the behaviour of the target machine depends entirely on the logic of the injected code, which runs within the security context of the target user. When code execution is not successful, the affected application may terminate abnormally.

Extended Description

VLC media player is prone to a heap-based memory-corruption vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected Products

Pardus linux_2009

References

BugTraq: 46008

CVE: CVE-2011-0522

Short Name
HTTP:STC:DL:VLC-MATROSKA
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2011-0522 Heap Media Overflow Player StripTags Subtitle VLC VideoLAN bid:46008
Release Date
07/11/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Videolan

Pardus

CVSS Score

6.8
