Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
A library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members; it is the current editor of the VLC mobile applications and one of the largest contributors to VLC. It also develops libmicrodns, a library used by VLC media player for mDNS service discovery. The libmicrodns library contains multiple vulnerabilities that could allow attackers to carry out a variety of malicious actions, including causing a denial of service and gaining the ability to execute arbitrary code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Videolabs to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability (TALOS-2020-0994/CVE-2020-6071)
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Read the complete vulnerability advisory here for additional information.
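The missing recursion check described above can be closed by accepting only compression pointers that move strictly backwards. The decoder below is an added example written for this page, not libmicrodns code and not necessarily the fix Videolabs shipped; decode_name and the sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample messages: a 12-byte header followed by names. */
static const uint8_t sample_ok[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,
    4,'_','t','c','p',5,'l','o','c','a','l',0,   /* offset 12: _tcp.local */
    5,'_','h','t','t','p',0xC0,0x0C };           /* offset 24: _http + pointer to 12 */
static const uint8_t sample_loop[] = {
    0,0,0,0,0,0,0,0,0,0,0,0, 0xC0,0x0C };        /* offset 12: pointer to itself */

/* Decode the name at msg[off] into out as dotted text. Returns the bytes the
 * name occupies at off, or -1 if malformed. A pointer is accepted only if it
 * targets an offset below the start of the segment being read, so each jump
 * moves strictly backwards and a pointer loop cannot form. */
int decode_name(const uint8_t *msg, size_t len, size_t off, char *out, size_t outsz)
{
    size_t pos = off, start = off, o = 0;
    int consumed = -1;                       /* set at the first pointer */
    while (pos < len) {
        uint8_t c = msg[pos];
        if ((c & 0xC0) == 0xC0) {            /* compression pointer */
            if (pos + 1 >= len) return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (target >= start) return -1;  /* self or forward reference */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            pos = start = target;
        } else if (c & 0xC0) {
            return -1;                       /* reserved label type */
        } else if (c == 0) {                 /* root label ends the name */
            if (o >= outsz) return -1;
            out[o] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        } else {                             /* ordinary label of c bytes */
            if (pos + 1 + c > len || o + c + 2 > outsz) return -1;
            if (o) out[o++] = '.';
            memcpy(out + o, msg + pos + 1, c);
            o += c;
            pos += 1 + (size_t)c;
        }
    }
    return -1;                               /* ran off the end of the message */
}
int main(void)
{
    char name[256];
    printf("%d\n", decode_name(sample_ok, sizeof sample_ok, 24, name, sizeof name));
    printf("%d\n", decode_name(sample_loop, sizeof sample_loop, 12, name, sizeof name));
    return 0;
}
```

Because the segment start only ever decreases, the number of jumps is bounded by the message length, and the output buffer size bounds the decoded name.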
Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability (TALOS-2020-0995/CVE-2020-6072)
An exploitable code execution vulnerability exists ..