VLC Player 2.1.5 Write Access Violation Vulnerability

Title : VLC Player 2.1.5 Write Access Violation Vulnerability Discoverer: Veysel HATAS (vhatas@gmail.com) Web page : www.binarysniper.net Test: Windows XP SP3 Status: Not Fixed Severity : High

Discovered: 24 November 2014

Description : VLC Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted m2v file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.

attachment 1: windbglog.txt

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information