VLC media player 3.0.6 and earlier: Read buffer overflow and double free
Security Advisory 1901
Summary: Read buffer overflow & double free
Date: June 2019
Affected versions: VLC media player 3.0.6 and earlier
ID: VideoLAN-SA-1901
CVE reference: CVE-2019-5439, CVE-2019-12874
Details
A remote user can create specially crafted AVI or MKV files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c) or a double free in zlib_decompress_extra() (demux/mkv/utils.cpp), respectively.
Impact
If successful, a malicious third party could trigger either a crash of VLC or arbitrary code execution with the privileges of the target user.
Threat mitigation
Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.
Workarounds
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Solution
VLC media player 3.0.7 addresses the issues. This release also fixes an important security issue that could lead to code execution when playing an AAC file.
Credits
The MKV double free vulnerability was reported by Symeon Paraschoudis from Pen Test Partners.
References
The VideoLAN project: http://www.videolan.org/
VLC official GIT repository: http://git.videolan.org/?p=vlc.git