Rocco Calvi discovered that the XSPF playlist parser of VLC, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file. The oldstable distribution (lenny) is not affected by this problem. For the stable distribution (squeeze), this problem has been fixed in version 1.1.3-1squeeze6. For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon. We recommend that you upgrade your vlc packages.
Rocco Calvi discovered that the XSPF playlist parser of VLC, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file.
The oldstable distribution (lenny) is not affected by this problem.
For the stable distribution (squeeze), this problem has been fixed in version 1.1.3-1squeeze6.
For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon.
We recommend that you upgrade your vlc packages.