Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns


Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the current editor of the VLC mobile applications and one of the largest contributors to VLC. They also develop libmicrodns, a library used by the VLC media player for mDNS service discovery. The libmicrodns library contains multiple vulnerabilities that could allow attackers to carry out a variety of malicious actions, including causing a denial of service and gaining the ability to execute arbitrary code.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Videolabs to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details


Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability (TALOS-2020-0994/CVE-2020-6071)

An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.
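The missing check described above, sketched as an added example (not libmicrodns code and not taken from the Talos advisory): a name decoder that accepts only backward compression pointers and caps how many it follows, so a pointer cycle is rejected instead of being followed indefinitely. `decode_name`, `MAX_JUMPS` and the sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_JUMPS 16                    /* assumed cap on pointers per name */
#define HDR 0,0,0,0,0,0,0,0,0,0,0,0     /* constructed 12-byte DNS header */

/* Constructed sample messages; name data starts at offset 12. */
const uint8_t ok_msg[]   = {HDR, 5,'l','o','c','a','l',0,  /* "local" at 12 */
                            3,'v','l','c',0xC0,0x0C};      /* "vlc" + pointer to 12, at 19 */
const uint8_t self_ptr[] = {HDR, 0xC0,0x0C};               /* pointer to itself */
const uint8_t cycle[]    = {HDR, 1,'a',0xC0,0x0C};         /* label, then pointer back to it */

/* Decode the name at msg[off] into out as dotted text.
 * Returns 0 on success, -1 on malformed input, pointer loops included. */
int decode_name(const uint8_t *msg, size_t len, size_t off,
                char *out, size_t outsz)
{
    size_t used = 0;
    int jumps = 0;

    for (;;) {
        if (off >= len)
            return -1;
        uint8_t b = msg[off];
        if ((b & 0xC0) == 0xC0) {            /* compression pointer */
            if (off + 1 >= len)
                return -1;
            size_t target = ((size_t)(b & 0x3F) << 8) | msg[off + 1];
            /* accept only backward pointers, and only a bounded number */
            if (target >= off || ++jumps > MAX_JUMPS)
                return -1;
            off = target;
            continue;
        }
        /* reject reserved label types, truncated labels, output overflow */
        if ((b & 0xC0) || off + 1 + b > len || used + b + 2 > outsz)
            return -1;
        if (b == 0) {                        /* root label ends the name */
            out[used] = '\0';
            return 0;
        }
        if (used)
            out[used++] = '.';
        memcpy(out + used, msg + off + 1, b);
        used += b;
        off += 1 + (size_t)b;
    }
}
```

The backward-only rule alone does not stop the `cycle` case, where a label runs forward into a pointer that jumps back to it; the jump cap and the output-size check are what bound the loop there.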

Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability (TALOS-2020-0995/CVE-2020-6072)

An exploitable code execution vulnerability exists ..
