VideoLAN has addressed a critical double-free vulnerability in the VLC media player that could allow an attacker to execute arbitrary code on target systems.
VLC is a popular open-source media player that is also portable and works across platforms, and which also provides media streaming capabilities. The application can parse and render a large number of media file formats.
Tracked as CVE-2019-12874, the security flaw features a CVSS v3 score of 9.8. The bug resides in the zlib_decompress_extra function of the VLC media player and could be triggered during the parsing of a malformed MKV file type within the Matroska demuxer.
Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp).
This could then be leveraged to execute arbitrary code on the vulnerable system, the researcher says.
The vulnerability has been addressed with the release of VLC 3.0.7, which also fixes a high-severity heap buffer overflow, along with various other vulnerabilities.
Tracked as CVE-2019-5439 and residing in the ReadFrame (demux/avi/avi.c) function, the buffer overflow could be exploited through a specially crafted .avi file. The bug was reported through HackerOne, as part of a bug bounty program run by the European Union.
The issue is that the ReadFrame function uses a variable obtained directly from the file. Because no strict check is performed before the memory operation (memmove, memcpy), a buffer overflow could be triggered.
“If ..
Support the originator by clicking the read the rest link below.