PT-2014-2078 · Videolan+1 · Vlc Media Player+1

Tixxdz · Published 2014-12-26 · Updated 2014-12-29 · CVE-2010-2062

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

VLC media player versions prior to 1.0.1
MPlayer versions prior to r29447

Description

The issue is an integer underflow in the real_get_rdt_chunk function. Remote attackers can exploit it to execute arbitrary code by providing a crafted length value in an RDT chunk header.

Recommendations

For VLC media player versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. For MPlayer versions prior to r29447, update to version r29447 or later to resolve the issue. As a temporary workaround, consider restricting access to the real_get_rdt_chunk function in the affected modules until a patch is available.
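
The bug class named in the Description, shown as an added example that is not code from VLC, MPlayer or this advisory: a length read from a chunk header has a fixed header size subtracted from it, first without and then with a lower-bound check. The 12-byte header size, the chunk layout and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed header size; the layout below is constructed, not the RDT format. */
#define CHUNK_HDR_LEN 12u

/* Unchecked form: the wire length minus the header, with no lower bound. */
static uint32_t payload_len_unchecked(uint32_t declared_len) {
    return declared_len - CHUNK_HDR_LEN; /* wraps to ~4 GiB when declared_len < 12 */
}

/* Checked form: rejects lengths below the header size or above the buffer. */
static int payload_len_checked(uint32_t declared_len, size_t cap, size_t *out) {
    if (declared_len < CHUNK_HDR_LEN)
        return -1;
    size_t payload = declared_len - CHUNK_HDR_LEN;
    if (payload > cap)
        return -1;
    *out = payload;
    return 0;
}

/* Hypothetical chunk: byte 0 marker, bytes 1..3 big-endian total length,
 * bytes 4..11 remaining header, then payload. Returns bytes copied or -1. */
static int copy_payload(const uint8_t *chunk, size_t chunk_len,
                        uint8_t *dst, size_t dst_cap) {
    if (chunk_len < CHUNK_HDR_LEN)
        return -1;
    uint32_t declared = ((uint32_t)chunk[1] << 16) |
                        ((uint32_t)chunk[2] << 8) | chunk[3];
    size_t payload;
    if (payload_len_checked(declared, dst_cap, &payload) != 0)
        return -1;
    if (payload > chunk_len - CHUNK_HDR_LEN) /* claims more than was received */
        return -1;
    memcpy(dst, chunk + CHUNK_HDR_LEN, payload);
    return (int)payload;
}

int main(void) {
    uint8_t crafted[12] = {0x24, 0, 0, 4}; /* constructed: declares length 4 */
    uint8_t out[64];
    printf("unchecked: %u bytes\n", (unsigned)payload_len_unchecked(4));
    printf("checked:   %d\n", copy_payload(crafted, sizeof crafted, out, sizeof out));
    return 0;
}
```
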

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2010-2062
DSA-2043-1
DSA-2044-1

Affected Products

Mplayer
Vlc Media Player