Multiple VideoLAN VLC Player Flaws Lead to Memory Corruption: Update Now!

Recently, two significant vulnerabilities related to memory corruption have been uncovered in the popular VLC media player.

These vulnerabilities were found in VLC's support for Microsoft Media Server (MMS), which has two implementations in VLC: MMS over TCP (MMST) and MMS over HTTP (MMSH). These vulnerabilities could potentially create security breaches and cause harm to users.

The GetPacket function that is responsible for receiving packets was found to contain two significant vulnerabilities – Heap Overflow and Integer Underflow.

Although the vulnerabilities have been identified, the CVEs for these issues are still pending assignment. It is crucial to address these vulnerabilities promptly to ensure the security of the system.

Packet Receiving Format

2 bytes | 2 bytes | 4 bytes    | 2 bytes   | 2 bytes | n bytes
i_type  | i_size  | i_sequence | i_unknown | i_size2 | data

Packet Format

GetPacket – Heap overflow

According to the report, VLC receives each packet in three reads. The first read is 4 bytes: i_type and i_size, where i_size describes the size of the next read. The second read is 8 bytes of header fields: i_sequence, i_unknown, and i_size2. The third read fetches the data.

However, when the size of the data read is calculated, it is reduced by only 8 bytes instead of 12 bytes, resulting in a buffer overflow.

GetPacket – Integer underflow

As mentioned, the data size is calculated by subtracting 8 bytes. Additionally, i_size2 is controlled by the user, which could result in an underflow. According to the definitions, the data type of i_size2 is uint16_t.

The disassembly of the relevant function shows that the uint16 value is copied into an int and 8 is then subtracted from it, which produces an integer underflow.
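The two size calculations described in the heap overflow and integer underflow sections, shown as an added example (not code from VLC or from the published report): the unchecked subtraction beside a bounds-checked form. The 65536-byte buffer capacity, the little-endian byte order, the placement of data directly after the 12 header bytes, and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HDR_LEN 12u     /* 4 bytes (i_type, i_size) + 8 bytes (i_sequence, i_unknown, i_size2) */
#define BUF_CAP 65536u  /* assumed receive-buffer capacity, chosen for illustration */

/* 16-bit little-endian accessors (byte order is an assumption of this example). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Arithmetic as the article describes it: the uint16 is widened to int and
 * 8 is subtracted with no range check, so i_size2 < 8 yields a negative length. */
int data_len_flawed(const uint8_t *hdr)
{
    int i_size2 = rd16(hdr + 10);
    return i_size2 - 8;
}

/* Checked form: 0 and *out set on success, -1 if the packet must be dropped. */
int data_len_checked(const uint8_t *hdr, size_t cap, size_t *out)
{
    uint16_t i_size2 = rd16(hdr + 10);
    if (i_size2 < 8)
        return -1;                              /* subtraction would go negative */
    size_t len = (size_t)i_size2 - 8;
    if (cap < HDR_LEN || len > cap - HDR_LEN)
        return -1;                              /* data is stored after all 12 header bytes */
    *out = len;
    return 0;
}

int main(void)
{
    const uint16_t samples[] = { 4, 108, 0xFFFF };   /* constructed i_size2 values */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint8_t hdr[HDR_LEN] = { 0 };
        size_t len = 0;
        wr16(hdr + 10, samples[i]);
        int flawed = data_len_flawed(hdr);
        int rc = data_len_checked(hdr, BUF_CAP, &len);
        printf("i_size2=%5u flawed=%6d end=%ld checked=%s\n", (unsigned)samples[i],
               flawed, (long)HDR_LEN + flawed, rc == 0 ? "accept" : "reject");
    }
    return 0;
}
```

With the largest i_size2, the unchecked length plus the 12-byte header ends past the assumed buffer capacity, and with i_size2 below 8 the length is negative before it is ever used as a read size; the checked form rejects both.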

A complete report about these vulnerabilities has been published on GitHub, providing detailed information about the source code, method of exploitation, and other additional information. 

Users of VLC are recommended to upgrade to version 3.0.20 to fix these vulnerabilities and prevent them from getting exploited by threat actors.


Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy, and APT threats.