FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- stack overflow in MPA, AVI and ASF demuxer

Affected packages
0.5.0 <= vlc < 1.0.2

Details

VuXML ID 3149ab1c-c8b9-11de-b87b-0011098ad87f
Discovery 2009-09-14
Entry 2009-11-03

VideoLAN reports:

When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow.

If successful, a malicious third party could trigger execution of arbitrary code within the context of the VLC media player.

References

URL http://www.videolan.org/security/sa0901.html