CVE-2013-1954

Name of the Vulnerable Software and Affected Versions VLC media player versions 2.0.5 and earlier

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. When parsing a specially crafted ASF movie, a buffer overflow might occur, leading to a crash of VLC media player's process. In some cases, attackers might exploit this issue to execute arbitrary code within the context of the application.

Recommendations For versions 2.0.5 and earlier, update to a version later than 2.0.5 to resolve the issue. As a temporary workaround, consider avoiding the use of the ASF Demuxer module until a patch is available. Restrict access to crafted ASF movies to minimize the risk of exploitation.