Remi Denis-Courmont

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC Media Player versions 0.8.6d and earlier **Description** The issue is related to a heap-based buffer overflow in the `real sdpplin.c` module of the Xine library, used in VideoLAN VLC Media Player. This allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. The exploitation of this issue can lead to the execution of arbitrary code or a denial of service. **Recommendations** For versions 0.8.6d and earlier, consider disabling the `real sdpplin.c` module or restricting the use of long SDP data to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC Media Player versions 0.8.6d and earlier **Description** The issue is related to a heap-based buffer overflow in the libaccess realrtsp plugin. This might allow remote RTSP servers to cause a denial of service, such as an application crash, or potentially execute arbitrary code via a long string. The vulnerability can be exploited by a remote attacker, leading to either a denial of service or the execution of arbitrary code. **Recommendations** For VideoLAN VLC Media Player versions 0.8.6d and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict access to the libaccess realrtsp plugin to minimize the risk of exploitation. Avoid using the vulnerable plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.