BID:30718

VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability

Info

VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability

Bugtraq ID:	30718
Class:	Boundary Condition Error
CVE:	CVE-2008-3732
Remote:	Yes
Local:	No
Published:	Aug 16 2008 12:00AM
Updated:	Sep 08 2008 09:21PM
Credit:	Orange Bat Labs
Vulnerable:	VideoLAN VLC media player 0.8.6 i Pardus Linux 2008 0 Gentoo Linux

Not Vulnerable:

Discussion

VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability

VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

Exploit / POC

VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability

A proof of concept is available at the following location:

http://www.orange-bat.com/adv/2008/vlc.dos.tta

Note that Symantec has not tested or verified this proof of concept.

Solution / Fix

VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability

Solution:
The vendor has released fixes. Please see the references for more information.

References

VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability

References:

[vlc-devel] CVE-2008-3732 (VideoLAN)
VLC 0.8.6i .tta parsing heap overflow (Orange Bat Labs)
VLC Homepage (VideoLAN)