Multiple VideoLAN VLC Player Flaws Lead to Memory Corruption: Update Now!
Two memory-corruption vulnerabilities have recently been discovered in the widely used VLC media player.
The flaws lie in VLC's Microsoft Media Server (MMS) support, which has two implementations: MMS over TCP (MMST) and MMS over HTTP (MMSH). A malicious server or stream could use them to corrupt memory in the player and harm users.
The GetPacket function, which is responsible for receiving packets, was found to contain two serious bugs: a heap overflow and an integer underflow.
Although the vulnerabilities are known, CVE identifiers for them are still pending. Users should address them promptly to keep their systems secure.
Packet Receiving Structure
2 bytes | 2 bytes | 4 bytes    | 2 bytes   | 2 bytes | n bytes |
i_type  | i_size  | i_sequence | i_unknown | i_size2 | data    |
GetPacket – Heap overflow
According to the write-up, VLC receives each packet in three read sequences: 4 bytes holding the type and i_size, which describes the length of the next read; 8 bytes of header holding i_sequence, i_unknown and i_size2; and a third read for the data itself.
However, when the length of the data read is computed, the header bytes already consumed are subtracted as 8 bytes rather than 12, so the final read copies more bytes than the buffer was sized for and overflows the heap buffer.
GetPacket – Integer underflow
As noted, the code subtracts 8 bytes when computing the data size. In addition, i_size2 is controlled by the remote side, which can lead to an underflow: by its definition, i_size2 has the data type uint16_t.
Disassembly of the relevant function shows that the uint16_t value is copied into an int and 8 is subtracted from it; any i_size2 smaller than 8 therefore yields a negative length, an integer underflow.
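To make both length bugs concrete, here is an added example that is not VLC's code and not taken from the GitHub write-up. It models the GetPacket arithmetic as the article describes it (12 header bytes consumed, only 8 subtracted; uint16_t i_size2 widened to int before subtracting 8) next to a hardened version that validates every declared length before it is used as a read size. The header layout follows the table above; the assumptions that i_size counts the whole chunk including the 4-byte prefix and that i_size2 counts the 8-byte inner header plus payload are this model's, not facts established by the article, and the sample chunks are constructed, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Header layout from the article: i_type(2) i_size(2) i_sequence(4) i_unknown(2) i_size2(2) */
#define CHUNK_HDR_LEN 12
#define INNER_HDR_LEN 8   /* i_sequence + i_unknown + i_size2 */

typedef struct {
    uint16_t i_type;
    uint16_t i_size;     /* ASSUMPTION of this model: total chunk length, 4-byte prefix included */
    uint32_t i_sequence;
    uint16_t i_unknown;
    uint16_t i_size2;    /* ASSUMPTION of this model: inner header (8 bytes) plus payload length */
} chunk_hdr_t;

static uint16_t get_wle(const uint8_t *p)  { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get_dwle(const uint8_t *p) { return get_wle(p) | ((uint32_t)get_wle(p + 2) << 16); }

static void parse_hdr(const uint8_t *buf, chunk_hdr_t *h)
{
    h->i_type     = get_wle(buf);
    h->i_size     = get_wle(buf + 2);
    h->i_sequence = get_dwle(buf + 4);
    h->i_unknown  = get_wle(buf + 8);
    h->i_size2    = get_wle(buf + 10);
}

/* Length arithmetic as the write-up describes the bug: 12 header bytes were consumed
 * but only 8 are subtracted, so the final read is 4 bytes longer than the space left
 * in a buffer sized for i_size bytes (heap overflow). */
static int vuln_rest_len(const chunk_hdr_t *h) { int n = h->i_size;  return n - INNER_HDR_LEN; }

/* The uint16 i_size2 is widened to int and 8 is subtracted; any value below 8 becomes
 * negative, and a negative int handed over as a size_t read length is huge (integer underflow). */
static int vuln_data_len(const chunk_hdr_t *h) { int n = h->i_size2; return n - INNER_HDR_LEN; }

/* Hardened arithmetic: check each declared length against the bytes already consumed
 * and against the destination buffer before using it as a read size.
 * Returns 0 and fills rest_len/data_len on success, -1 on a malformed header. */
static int safe_chunk_lens(const chunk_hdr_t *h, size_t buf_cap,
                           size_t *rest_len, size_t *data_len)
{
    if (buf_cap < CHUNK_HDR_LEN) return -1;
    if (h->i_size < CHUNK_HDR_LEN) return -1;          /* declared size smaller than the header read */
    size_t rest = (size_t)h->i_size - CHUNK_HDR_LEN;   /* bytes of this chunk still to be read */
    if (rest > buf_cap - CHUNK_HDR_LEN) return -1;     /* would overrun the receive buffer */
    if (h->i_size2 < INNER_HDR_LEN) return -1;         /* would underflow */
    size_t data = (size_t)h->i_size2 - INNER_HDR_LEN;
    if (data > rest) return -1;                        /* payload cannot exceed the remaining bytes */
    *rest_len = rest;
    *data_len = data;
    return 0;
}

/* In-memory stand-in for the network stream. */
typedef struct { const uint8_t *p; size_t len, pos; } mem_stream_t;

/* GetPacket-style receive using the hardened checks. Returns 0 on success, -1 on
 * malformed or truncated input; on success buf holds the header plus rest bytes. */
static int get_packet_safe(mem_stream_t *s, uint8_t *buf, size_t buf_cap,
                           chunk_hdr_t *h, size_t *data_len)
{
    if (buf_cap < CHUNK_HDR_LEN || s->len - s->pos < CHUNK_HDR_LEN) return -1;
    memcpy(buf, s->p + s->pos, CHUNK_HDR_LEN);
    s->pos += CHUNK_HDR_LEN;
    parse_hdr(buf, h);
    size_t rest;
    if (safe_chunk_lens(h, buf_cap, &rest, data_len) != 0) return -1;
    if (s->len - s->pos < rest) return -1;             /* truncated stream */
    memcpy(buf + CHUNK_HDR_LEN, s->p + s->pos, rest);
    s->pos += rest;
    return 0;
}

/* Constructed sample chunks (not captured traffic). */
/* Well-formed: i_size = 20 (12 header + 8 payload), i_size2 = 16 (8 inner header + 8 payload). */
static const uint8_t kGoodChunk[20] = {
    0x24, 0x44, 0x14, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
/* Malformed: i_size = 12 (nothing follows the header), i_size2 = 4 (below the 8 subtracted). */
static const uint8_t kBadChunk[12] = {
    0x24, 0x44, 0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00 };

int main(void)
{
    chunk_hdr_t h;
    size_t rest, data;
    uint8_t buf[256];

    parse_hdr(kBadChunk, &h);
    printf("malformed: vulnerable rest=%d data=%d\n", vuln_rest_len(&h), vuln_data_len(&h));
    printf("malformed: hardened check -> %d\n", safe_chunk_lens(&h, sizeof buf, &rest, &data));

    mem_stream_t s = { kGoodChunk, sizeof kGoodChunk, 0 };
    if (get_packet_safe(&s, buf, sizeof buf, &h, &data) == 0)
        printf("well-formed: payload %zu bytes, first byte '%c'\n", data, buf[CHUNK_HDR_LEN]);
    return 0;
}
```

On the well-formed chunk the vulnerable arithmetic asks for 12 more bytes although only 8 remain in the buffer, which is the 4-byte heap over-read; on the malformed chunk it produces a negative data length, which is the underflow. The hardened path rejects the malformed chunk before any read and keeps every length bounded by both the declared size and the buffer capacity.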
A full description of these vulnerabilities has been published on GitHub, with details of the source code, the exploitation process and further information.
VLC users are advised to upgrade to version 3.0.20, which fixes these vulnerabilities and prevents them from being exploited by threat actors.
Source credit : cybersecuritynews.com