VLC Media Player susceptible to buffer overflow vulnerability

in

According to an advisory from security services provider Secunia, the VLC Media Player is susceptible to a vulnerability in the Libmodplug library which it rates as highly critical. Libmodplug, also known as the ModPlug XMMS Plugin, is reportedly prone to a stack-based buffer overflow issue caused by insufficient validation of user supplied data. This could be exploited by an attacker, for example, to execute arbitrary code on a user's system. For an attack to be successful, a user must first open a specially crafted S3M media file. Secunia notes that this may only affect the precompiled versions.

The vulnerability is confirmed to affect version 1.1.8 of the VLC Media Player, the latest stable release, on Windows and Mac OS X. Other versions may also be affected. Until a patch or update has been released that corrects the issue, users are advised not to open untrusted *.S3M files. At the time of this posting, the VideoLAN project's Security information page does not list the problem.