VLC media player 3.0.6 and earlier: Read buffer overflow and double free
A remote user can create specially crafted AVI or MKV files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.cpp) respectively
If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user. Until the patch is applied, the user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins).
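The two bug classes named in this advisory share a common defensive pattern in a demuxer: a length field read from the file must be checked against the bytes actually present before it drives a read or copy, and a freed frame pointer must be cleared so a second release cannot free it again. The following C example is an added illustration, not VLC's ReadFrame or any code from the videolan.org advisory; it uses a hypothetical minimal chunk layout (4-byte FourCC, 4-byte little-endian payload length, payload) and constructed sample inputs to show the bounds check and the free-and-null helper.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical chunk layout: FourCC (4 bytes) + little-endian length (4 bytes) + payload.
 * This is an illustrative parser, not VLC's AVI demuxer. */
#define CHUNK_HEADER_LEN 8

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copies the chunk payload at `offset` into a freshly allocated buffer (*out).
 * Returns the payload length, or -1 when the header is truncated or the declared
 * length exceeds the bytes remaining in `buf` (the check whose absence turns a
 * crafted length field into an out-of-bounds heap read). */
long read_frame_checked(const uint8_t *buf, size_t buf_len, size_t offset, uint8_t **out)
{
    *out = NULL;
    if (offset > buf_len || buf_len - offset < CHUNK_HEADER_LEN)
        return -1;                                  /* header does not fit */
    uint32_t declared = read_le32(buf + offset + 4);
    size_t remaining = buf_len - offset - CHUNK_HEADER_LEN;
    if (declared > remaining)
        return -1;                                  /* declared length lies about the file */
    uint8_t *p = malloc(declared ? declared : 1);
    if (!p)
        return -1;
    memcpy(p, buf + offset + CHUNK_HEADER_LEN, declared); /* bounded by the check above */
    *out = p;
    return (long)declared;
}

/* Frees a frame and nulls the caller's pointer, so a repeated release on the same
 * error path is a harmless free(NULL) rather than a double free. */
void release_frame(uint8_t **frame)
{
    free(*frame);
    *frame = NULL;
}

/* Constructed sample inputs: a well-formed 4-byte frame and a chunk whose header
 * claims 0xFFFF payload bytes while only 2 are present. */
static const uint8_t good_chunk[] = { '0','0','d','c', 4,0,0,0, 0xAA,0xBB,0xCC,0xDD };
static const uint8_t bad_chunk[]  = { '0','0','d','c', 0xFF,0xFF,0,0, 0xAA,0xBB };

/* Returns 1 when the parser accepts the well-formed chunk, rejects the crafted
 * one, and survives a repeated release of the same frame. */
int demo(void)
{
    uint8_t *frame = NULL;
    long n = read_frame_checked(good_chunk, sizeof good_chunk, 0, &frame);
    int ok = (n == 4 && frame != NULL && frame[0] == 0xAA && frame[3] == 0xDD);
    release_frame(&frame);
    release_frame(&frame);                          /* second release: no-op */
    long m = read_frame_checked(bad_chunk, sizeof bad_chunk, 0, &frame);
    ok = ok && (m == -1 && frame == NULL);
    return ok;
}
```

The `declared > remaining` comparison is the whole point: the demuxer must trust only what the buffer actually holds, never what the file header asserts. Fuzzing a demuxer with length fields set well past the chunk boundary, under ASan, is the standard way to surface reads like the one this advisory describes.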
Source: www.videolan.org