I found another exploitable security vulnerability in VLC media player. This time it's an integer overflow that leads to a fully controllable heap overflow.
Sunday, November 30, 2008
Thursday, November 06, 2008
Yesterday, the VideoLAN team released a new version of their VLC media player. The new version fixes two stack overflow vulnerabilities I found in the RealText (TKADV2008-011) and CUE (TKADV2008-012) demuxers of VLC.
This movie shows the exploitability of TKADV2008-011.
Posted by tk at 9:18 PM