CVE-2014-9630

Name of the Vulnerable Software and Affected Versions VLC media player versions prior to 2.1.6

Description The issue is related to a buffer overflow in the RTP streaming code, specifically in the rtp packetize xiph config function, due to improper bounds checking. This allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file containing an overly long string argument. The vulnerability can be exploited by a specially crafted ogg file, potentially leading to memory corruption or arbitrary code execution.

Recommendations For versions prior to 2.1.6, update to version 2.1.6 or later to resolve the issue. As a temporary workaround, consider disabling the RTP streaming functionality until a patch is available. Restrict access to potentially malicious files, especially those containing overly long string arguments, to minimize the risk of exploitation.