BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

VideoLAN VLC Media Player CDG Decoder Module Array Indexing Vulnerabilities

Disclosed January 21, 2011    No Patch Available

Vulnerability Description:

VideoLan VLC Media Player contains a vulnerability in its CDG decoder, specifically the "DecodeTileBlock()" and "DecodeScroll()" functions. When these functions process maliciously crafted data, an array index issue arises. Successful exploitation could allow remote arbitrary code execution.

Vendors:

VideoLAN

Vulnerable Software/Devices:

VLC Media Player 1.x

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

Mitigation:

Upgrade VLC to version 1.1.6 or newer.

Links:

CVE(s):

None

Leave a Reply