VLC media player TY file parse_master buffer overflow

Added: 12/04/2008
CVE: CVE-2008-4654
BID: 31813
OSVDB: 49181

Background

VLC media player is a media player supporting various audio and video formats for multiple platforms.

Problem

A buffer overflow vulnerability in the parse_master function in the Ty demux plugin allows command execution when a user opens a specially crafted TiVo TY media file.

Resolution

Upgrade to VLC media player 0.9.5 or higher.

References

http://www.videolan.org/security/sa0809.html
http://archives.neohapsis.com/archives/bugtraq/2008-10/0155.html

Limitations

Exploit works on VLC media player 0.9.4 and requires a user to open the exploit file in VLC media player.

Platforms

Windows 2000
Windows XP
