Fortinet Discovers VLC Player AVI File Parsing Heap Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a heap corruption vulnerability in VideoLan VLC Media Player.
VLC Media Player is a popular media player software that supports many audio and video file formats.
A heap corruption vulnerability has been discovered in VLC Media Player. The vulnerability is caused by incorrectly parsing a crafted AVI file which causes a Write Access violation. It could allow malicious users to create code execution scenarios.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Nov 04, 2016
Users should apply the solution provided by VideoLAN.
This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs.