Zero-Day Advisory
Fortinet Discovers VLC Player AVI File Parsing Heap Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a heap corruption vulnerability in VideoLAN VLC Media Player.
VLC Media Player is a popular media player software that supports many audio and video file formats.
A heap corruption vulnerability has been discovered in VLC Media Player. The vulnerability is caused by incorrect parsing of a crafted AVI file, which results in a write access violation. It could allow malicious users to create code execution scenarios.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: VideoLan.VLC.Player.AVI.File.Parsing.Heap.Corruption
Released Nov 04, 2016
Users should apply the solution provided by VideoLAN.
Acknowledgement
This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs.