
Remote code execution flaw in VLC Media Player

Written by Ryan Naraine, Contributor
Researchers at Secunia have found a "highly critical" vulnerability that puts users of the cross-platform VLC Media Player at risk of remote code execution attacks.

The vulnerability is confirmed in version 0.8.6h on Windows. Prior versions may also be affected. A patch is expected soon from the VLC team.

According to statistics from VLC, the download count for the open-source media player exceeds 89 million.

From the Secunia advisory:

The vulnerability is caused due to an integer overflow error within the "Open()" function in modules/demux/wav.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted WAV file having an overly large "fmt" chunk. Successful exploitation may allow execution of arbitrary code.
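The advisory names the bug class (a chunk length taken from the file, wrapped by integer arithmetic before it sizes a heap buffer) but not the fix. The following C is an added illustration written for this article, not VLC's code from modules/demux/wav.c and not the upcoming patch: it shows the arithmetic that wraps when a "fmt " chunk claims an enormous size, and a bounds-checked reader that rejects such a chunk before allocating anything. The constant FMT_CHUNK_MAX, the helper names and the constructed sample files are assumptions made here for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not VLC's code: the class of bug in the advisory (a file-
 * supplied chunk size feeding an allocation without an overflow check)
 * beside a bounds-checked "fmt " chunk reader. */

/* Assumed sane upper bound for a "fmt " chunk (PCM needs 16 bytes,
 * WAVE_FORMAT_EXTENSIBLE 40); a real demuxer picks its own limit. */
#define FMT_CHUNK_MAX 64u
#define CHUNK_HDR_LEN 8u   /* 4-byte FourCC + 4-byte little-endian size */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t read_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void write_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The bug pattern: the size comes straight from the file and the addition
 * wraps in 32 bits, so a huge chunk size yields a tiny buffer while the
 * later copy still uses the huge length (heap-based overflow). */
uint32_t unsafe_alloc_size(uint32_t chunk_size) {
    return chunk_size + CHUNK_HDR_LEN;   /* wraps for chunk_size > 0xFFFFFFF7 */
}

/* Hardened: reject sizes above the sane limit or beyond the bytes actually
 * left in the input before doing any arithmetic on them. */
int safe_alloc_size(uint32_t chunk_size, size_t remaining, size_t *need) {
    if (chunk_size > FMT_CHUNK_MAX || chunk_size > remaining)
        return -1;
    *need = (size_t)chunk_size + CHUNK_HDR_LEN;   /* cannot wrap now */
    return 0;
}

struct wav_fmt { uint16_t format, channels; uint32_t sample_rate; uint16_t bits; };

/* Walk a RIFF/WAVE buffer and decode the "fmt " chunk with bounds checks.
 * Returns 0 on success, -1 for a malformed or oversized file. */
int parse_wav_fmt(const uint8_t *buf, size_t len, struct wav_fmt *out) {
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return -1;
    size_t pos = 12;
    while (pos + CHUNK_HDR_LEN <= len) {
        uint32_t csize = read_le32(buf + pos + 4);
        size_t remaining = len - pos - CHUNK_HDR_LEN;
        if (memcmp(buf + pos, "fmt ", 4) == 0) {
            size_t need;
            if (safe_alloc_size(csize, remaining, &need) != 0 || csize < 16)
                return -1;                     /* oversized or truncated fmt chunk */
            const uint8_t *f = buf + pos + CHUNK_HDR_LEN;
            out->format = read_le16(f);  out->channels = read_le16(f + 2);
            out->sample_rate = read_le32(f + 4);  out->bits = read_le16(f + 14);
            return 0;
        }
        if (csize > remaining) return -1;          /* other chunks: skip safely */
        pos += CHUNK_HDR_LEN + csize + (csize & 1); /* RIFF pads odd sizes */
    }
    return -1;
}

/* Constructed sample input: a 44-byte RIFF/WAVE header whose "fmt " chunk
 * claims fmt_size bytes but carries only the 16 bytes of a PCM header. */
size_t build_wav(uint8_t *out, size_t cap, uint32_t fmt_size) {
    static const uint8_t pcm_fmt[16] = {    /* PCM, 2 ch, 44100 Hz, 16-bit */
        1,0, 2,0, 0x44,0xAC,0,0, 0x10,0xB1,0x02,0, 4,0, 16,0 };
    if (cap < 44) return 0;
    memcpy(out, "RIFF", 4);      write_le32(out + 4, 36);  memcpy(out + 8, "WAVE", 4);
    memcpy(out + 12, "fmt ", 4); write_le32(out + 16, fmt_size);
    memcpy(out + 20, pcm_fmt, 16);
    memcpy(out + 36, "data", 4); write_le32(out + 40, 0);
    return 44;
}

/* Sample rate decoded from a well-formed constructed file (44100). */
uint32_t parsed_rate_of_good_file(void) {
    uint8_t buf[64]; struct wav_fmt f;
    size_t n = build_wav(buf, sizeof buf, 16);
    return parse_wav_fmt(buf, n, &f) == 0 ? f.sample_rate : 0;
}

/* 1 if a file claiming a ~4 GiB "fmt " chunk is rejected, 0 otherwise. */
int crafted_is_rejected(void) {
    uint8_t buf[64]; struct wav_fmt f;
    size_t n = build_wav(buf, sizeof buf, 0xFFFFFFFCu);
    return parse_wav_fmt(buf, n, &f) == -1;
}

int main(void) {
    printf("wrapped size for 0xFFFFFFFC: %u\n", unsafe_alloc_size(0xFFFFFFFCu));
    printf("good file rate: %u\n", parsed_rate_of_good_file());
    printf("oversized fmt rejected: %d\n", crafted_is_rejected());
    return 0;
}
```

The two checks in safe_alloc_size are the whole mitigation: a length is compared against a fixed ceiling and against the bytes remaining in the input before it is added to anything, so the wraparound shown by unsafe_alloc_size can never reach malloc.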

Secunia recommends that VLC users avoid opening untrusted WAV files.
