Opened 3 years ago

Closed 2 years ago

Last modified 2 years ago

#7361 closed defect (fixed)

VLC - All Versions Memory Exhaustion vulnerability

Reported by: dark-puzzle
Owned by: jb, fkuehne
Priority: high
Milestone: 2.1.0 release
Component: Core: Input
Version: Other
Severity: critical
Keywords:
Cc:
Difficulty: hard
Platform(s): all
Work status: Not started


Hello, I've already found many vulnerabilities in your software VLC in different versions, but this is the first time that I have contacted you.

All versions of VLC are prone to a memory exhaustion vulnerability that denies service to users by creating a malicious .m3u or .vlc file that increases CPU usage to 98% and stops the program from working ('no response'). I've already published the exploit here:

Thanks for your cooperation.

Please contact: dark-puzzle[at]live[dot]fr

Attachments (1)

vlc.txt (230 bytes) - added by dark-puzzle 3 years ago.
Vulnerability Proof Of Concept.


Change History (5)

Changed 3 years ago by dark-puzzle

Vulnerability Proof Of Concept.

comment:1 Changed 2 years ago by jb

  • Milestone changed from Bugs paradize to 2.1.0 bugs

To Be Investigated...

comment:2 Changed 2 years ago by jb

  • Priority changed from highest to high
  • Severity changed from blocker to critical

comment:3 Changed 2 years ago by courmisch

  • Component changed from Unknown to Core: Input
  • Platform(s) changed from Windows to all
  • Resolution set to fixed
  • Status changed from new to closed

comment:4 Changed 2 years ago by remi@…

commit 5e7e45dead26528d648a645b907df877100ecc31
Author: Rémi Denis-Courmont <remi@…>
Date: Thu Apr 25 18:04:07 2013 +0300

stream_ReadLine: correctly return an error on overflow (fixes #7361)
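
The commit subject above says the line reader now returns an error on overflow. As an added illustration of that pattern (this is not VLC's code and is not taken from the commit), the reader below enforces a caller-supplied line length cap and fails without handing back a partial line. The names `read_line`, `count_entries`, `struct src` and `CHUNK`, the cap values and the sample playlist are all assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

#define CHUNK 256
struct src { const char *data; size_t len, pos; };  /* in-memory input */
/* Returns 1 with *line set (caller frees), 0 at end of input, -1 when a line is
 * longer than max bytes or allocation fails. On -1 no partial line is returned. */
static int read_line(struct src *s, size_t max, char **line)
{
    size_t used = 0, cap = CHUNK;
    char *buf;
    *line = NULL;
    if (s->pos >= s->len) return 0;
    if ((buf = malloc(cap)) == NULL) return -1;
    while (s->pos < s->len && s->data[s->pos] != '\n') {
        if (used == max) { free(buf); return -1; }   /* overlong line: error */
        if (used + 1 == cap) {                       /* grow, keep room for NUL */
            char *n = realloc(buf, cap + CHUNK);
            if (n == NULL) { free(buf); return -1; }
            buf = n; cap += CHUNK;
        }
        buf[used++] = s->data[s->pos++];
    }
    if (s->pos < s->len) s->pos++;                   /* consume the '\n' */
    buf[used] = '\0';
    *line = buf;
    return 1;
}

/* Counts non-empty, non-comment playlist lines; -1 if any line is rejected. */
static int count_entries(const char *data, size_t len, size_t max)
{
    struct src s = { data, len, 0 };
    char *line;
    int rc, n = 0;
    while ((rc = read_line(&s, max, &line)) == 1) {
        if (line[0] != '\0' && line[0] != '#') n++;
        free(line);
    }
    return rc == 0 ? n : -1;    /* a reader error stops parsing, it is not EOF */
}

int main(void)
{
    const char pl[] = "#EXTM3U\nfirst.mp3\nsecond.mp3\n";  /* constructed sample */
    printf("%d %d\n", count_entries(pl, sizeof pl - 1, 4096),
           count_entries(pl, sizeof pl - 1, 8));  /* 8-byte cap rejects line 2 */
    return 0;
}
```

The caller distinguishes the error return from end of input, so an overlong line ends parsing instead of being treated as more data to read.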
