Summary : Insufficient input validation in VLC TagLib plugin
Date : August 2010
Affected versions : VLC media player versions 1.1.2 down to 0.9.0
ID : VideoLAN-SA-1004
CVE reference : CVE-2010-2937
Details
VLC fails to perform sufficient input validation
when trying to extract some meta-informations about input media
through ID3v2 tags.
In the failure case, VLC attempt dereference an invalid memory address,
and a crash will ensure.
Impact
In the failure case, VLC will dereference a memory address within
the first page of its process virtual memory. In normal conditions,
this will result in a segmentation fault
(a general protection fault on Windows), and the process will terminate
abruptly.
This vulnerability alone is not sufficient for an attacker to
execute arbitraty code or otherwise alter the flow of execution
other than to crash the process.
In most usage scenarii, this will only cause user annoyance.
Threat mitigation
Exploitation of this issue requires the user
to include a file in its playlist or to attempt to open it.
Workarounds
The user should refrain from opening files from untrusted third parties
or accessing untrusted remote sites (or disable the VLC browser plugins),
until the patch is applied.
Solution
VLC media player 1.1.3 addresses this issue.
Patches for VLC media player 1.1.x and 1.0.x are available
from the corresponding official VLC source code repositories.
Credits
This vulnerability was reported by FortiGuard Labs.
