VLC Windows 2.2.7 Crash due to Out-of-Bound Heap Memory Write
Overview
I have found a vulnerability in VLC media player 2.2.7 for Windows which causes a crash due to an out-of-bound heap memory write when calling memcpy() with a wrong size. The vulnerability can cause Denial-of-Service and may further cause code execution by overwriting the next heap structure.
The attachment is a rar package which includes a detailed analysis report and a PoC file. In order to avoid disclosing it before a patch is released, I have encrypted it. The developers can contact me to get the password.
Author
name: Jiaqi Peng, Bingchang Liu @VARAS of IIE
email: pjqruc@gmail.com