Buffer overflow in Videolan Vlc_media_player

CVE-2010-1445

Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.

Vulnerability class: Buffer Overflow

EPSS: 0.018 (83.1th percentile) — read the EPSS interpretation.

Affected products

Videolan Vlc_media_player — versions 0.5.0, 0.5.1, 0.5.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues (mailing-list, x_refsource_MLIST)