CVE-2014-9627

Name of the Vulnerable Software and Affected Versions VideoLAN VLC media player versions prior to 2.1.6

Description The issue is related to an integer truncation in the MP4 Demuxer of the VideoLAN VLC media player. This can be exploited by remote attackers to cause a denial of service or possibly execute arbitrary code via a specially crafted .MP4 file. The problem arises from an incorrect cast operation from a 64-bit integer to a 32-bit integer in the MP4 ReadBox String function.

Recommendations For versions prior to 2.1.6, update to version 2.1.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of .MP4 files from untrusted sources until the update is applied.