Security Advisory 1003

Summary           : Heap buffer overflow vulnerability in A/52, DTS
                     and MPEG Audio decoders
                    Invalid memory access in AVI, ASF, Matroska (MKV) demuxers
                    Invalid memory access in XSPF playlist parser
                    Invalid memory access in ZIP archive decompressor
                    Heap buffer overflow in RTMP access
Date              : 19 April 2010
Affected versions : VLC media player 1.0.5 down to 0.5.0
ID                : VideoLAN-SA-1003
CVE references    : N/A (at the time of writing)

Details

VLC media player suffers from various vulnerabilities when attempting to parse malformatted or overly long byte streams.
Impact

If successful, a malicious third party could crash the player instance or perhaps execute arbitrary code within the context of VLC media player.
Threat mitigation

Exploitation of those bugs requires the user to explicitly open specifically crafted malicious files.
Workarounds

The user may refrain from opening files from untrusted sources.
Solution

VLC media player 1.0.6 addresses these issues and introduces further stability fixes.

VLC media player 1.1.0 (currently in pre-release stage) addresses these issues as well and introduces further enhancements and fixes over version 1.0.6.
Credits

These vulnerabilities were discovered by the development team while working on VLC 1.1.0.
References

The VideoLAN Project
    http://www.videolan.org/ 

History

21 April 2010
    VLC 1.0.6 bugfix release
    Initial advisory

Rémi Denis-Courmont,
on behalf of the VideoLAN project