Secunia Research has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow error within the "Open()" function in "modules/demux/wav.c". This can be exploited to cause a heap-based buffer overflow via a specially crafted WAV file having an overly large "fmt" chunk.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 0.8.6h on Windows. Prior versions may also be affected.
The vulnerability will be fixed in an upcoming version 0.8.6i.
Fixed in the GIT repository.
FYI: 0.9.0-test1 (_beta1 for us) isn't affected, but it is not really possible to stabilise it yet. Imho we should wait for 0.8.6i that should come with a couple of other bugfixes too.
As I understood it, this is a Windows-only problem. I already saw the advisory some days ago (well, maybe it was only yesteday) and didnt file a bug for this reason.
See http://securitytracker.com/alerts/2008/Jul/1020429.html -- it says
Underlying OS: Windows (Any)
Secunia ($URL) says:
The vulnerability is confirmed in version 0.8.6h *on Windows*.
No idea whether this really means that only Windows is affected, the wording is a bit ambiguous, imo.
The Secunia advisory stated that it is confirmed with version 0.8.6h on Windows, but that does not mean that only Windows versions are affected (neither does it mean that 0.8.6g is unaffected). The code path that is changed by the patch is not specific to Windows, so I would assume this issue affects Linux.
Any news on the new version?
0.8.6i is in the tree now.
Changes from current stable aslo contains:
Arches, please test and mark stable:
Target keywords : "alpha amd64 ppc sparc x86"
Stable on alpha.
GLSA request filed.