VLC Media Player 1.1.13 patched Buffer Overflow vulnerability

VLC has released version 1.1.13 to fix a security vulnerability in the TiVo demuxer.

About the Vulnerability:
When parsing the header of an invalid TY file, the heap might be corrupted. A malicious third party who triggers this successfully could crash the VLC media player process. Arbitrary code execution might be possible on some systems, though this is unconfirmed.

Solution:
VLC media player 1.1.13 addresses this issue. Patches for older versions are available from the official VLC source code repository vlc-1.1.git.

Alternatively, the TY demux plugin (libty_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent opening of TiVo files.
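
The manual workaround above, as an added shell example that is not part of the original post or VLC's own tooling: it moves any libty_plugin.* file out of a plugin directory into a quarantine directory instead of deleting it, then lets you confirm none remain. The function names and both directory arguments are assumptions; pass the plugin path of your own installation.

```shell
#!/bin/sh
# Added example: quarantine the TY demux plugin (libty_plugin.*).
# Function names and directory arguments are assumptions, not VLC tooling.

# List every libty_plugin.* file below the given plugin directory.
find_ty_plugin() {
    find "$1" -type f -name 'libty_plugin.*' 2>/dev/null
}

# Succeeds (exit 0) while at least one TY plugin file is still installed.
ty_plugin_present() {
    [ -n "$(find_ty_plugin "$1")" ]
}

# Move each match into a quarantine directory so the change can be reverted
# after upgrading to a fixed release. Prints the number of files moved.
quarantine_ty_plugin() {
    plugin_dir=$1
    quarantine_dir=$2
    [ -d "$plugin_dir" ] || { echo "not a directory: $plugin_dir" >&2; return 2; }
    mkdir -p "$quarantine_dir" || return 2
    list=$(mktemp) || return 2
    find_ty_plugin "$plugin_dir" > "$list"
    moved=0
    # Read the list line by line so paths containing spaces survive.
    while IFS= read -r f; do
        mv -- "$f" "$quarantine_dir/" || { rm -f "$list"; return 1; }
        moved=$((moved + 1))
    done < "$list"
    rm -f "$list"
    echo "$moved"
}

# When run as a script: sh disable_ty.sh <plugin_dir> <quarantine_dir>
if [ "$#" -eq 2 ]; then
    quarantine_ty_plugin "$1" "$2"
    if ty_plugin_present "$1"; then
        echo "TY plugin still present under $1" >&2
        exit 1
    fi
fi
```

Keep the quarantine directory outside the plugin directory so VLC does not load the plugin from it.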
