Buffer Overflow Vulnerability in VLC Media Player ASF Demuxer

Affected versions  : VLC media player 2.0.5 and earlier
CVE reference      : CVE-2013-1954
Official Advisory:



When parsing a specially crafted ASF movie, a buffer overflow might occur.
If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC media player's process. In some cases attackers might exploit this issue to execute arbitrary code within the context of the application.
Threat mitigation
Exploitation of this issue requires the user to explicitly open a specially crafted ASF movie.
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Alternatively, the ASF demuxer (libasf_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent ASF movie playback.
This issue is addressed in the VLC media player 2.0.x source code repository by replacing a macro with a static inline function and improved bounds checking.
This patch is included in VLC's 2.0.6 release.
Windows and Mac OS X builds can be found on the VideoLAN nightlies website.
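
The fix is described above as replacing a macro with a static inline and improved bounds checking. The following is an added illustration of that pattern, not VLC's code and not the ASF format: the record layout, the names reader_t, rd_have, rd_u16le and parse_name, and the sample bytes are all constructed here. It puts a macro-style pointer check beside an inline, size-based check that rejects a length field larger than the remaining input or the destination buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Macro-style check, for contrast only (illustrative, not VLC's macro): it forms
 * cur + n before comparing, which is undefined once n exceeds the bytes left. */
#define HAVE_UNSAFE(cur, end, n) ((cur) + (n) <= (end))

typedef struct { const uint8_t *buf; size_t len, pos; } reader_t;

/* Inline replacement: compares sizes only, never forms an out-of-range pointer. */
static inline int rd_have(const reader_t *r, size_t n)
{
    return r->pos <= r->len && n <= r->len - r->pos;
}

/* Reads a little-endian u16; returns 0..65535, or -1 if fewer than 2 bytes remain. */
static inline int rd_u16le(reader_t *r)
{
    if (!rd_have(r, 2)) return -1;
    r->pos += 2;
    return r->buf[r->pos - 2] | (r->buf[r->pos - 1] << 8);
}

/* Constructed record: u16 length, then that many name bytes. Returns the name
 * length, or -1 on any bounds failure (cap includes the terminating NUL). */
static int parse_name(const uint8_t *data, size_t len, char *dst, size_t cap)
{
    reader_t r = { data, len, 0 };
    int n = rd_u16le(&r);
    if (n < 0 || !rd_have(&r, (size_t)n)) return -1;  /* input too short */
    if (cap == 0 || (size_t)n > cap - 1) return -1;   /* dst too small */
    memcpy(dst, r.buf + r.pos, (size_t)n);
    dst[n] = '\0';
    return n;
}

/* Constructed inputs: well-formed, over-long length claim, too long for dst. */
static const uint8_t SAMPLE_OK[]    = { 0x03, 0x00, 'a', 'b', 'c' };
static const uint8_t SAMPLE_CLAIM[] = { 0xff, 0xff, 'a', 'b', 'c' };
static const uint8_t SAMPLE_LONG[]  = { 0x09, 0x00, '1','2','3','4','5','6','7','8','9' };

int main(void)
{
    char s[8];
    printf("%d ", parse_name(SAMPLE_OK, sizeof SAMPLE_OK, s, sizeof s));
    printf("%d ", parse_name(SAMPLE_CLAIM, sizeof SAMPLE_CLAIM, s, sizeof s));
    printf("%d\n", parse_name(SAMPLE_LONG, sizeof SAMPLE_LONG, s, sizeof s));
    return 0;
}
```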

