CVE-2014-9625

Name of the Vulnerable Software and Affected Versions VideoLAN VLC media player versions prior to 2.1.6

Description The issue is related to an integer truncation in the automated updater, specifically in the GetUpdateFile function, which allows remote attackers to conduct buffer overflow attacks. This can lead to the execution of arbitrary code or cause a denial of service, resulting in an application crash. The attack can be performed via a crafted file containing an overly long string argument.

Recommendations For versions prior to 2.1.6, update to version 2.1.6 or later to resolve the issue. As a temporary workaround, consider disabling the automated updater until a patch is available.