KLA11759 Multiple vulnerabilities in VLC media player

Multiple vulnerabilities were found in VLC media player. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Vulnerability related to parsing compressed labels in mDNS messages can be exploited to cause denial of service;
2. Vulnerability related to parsing compressed labels in mDNS messages can be exploited to execute arbitrary code;
3. Vulnerability related to parsing the RDATA section in mDNS messages can be exploited to cause denial of service;
4. Out-of-bound read vulnerability can be exploited to cause a denial of service;
5. Vulnerability related to parsing mDNS messages in mdns_recv can be exploited to cause denial of service;
6. Vulnerability related to parsing mDNS messages can be exploited to cause denial of service;

Original advisories

sb-vlc309

Related products

VLC-media-player

CVE list

CVE-2020-6071 warning

CVE-2020-6072 critical

CVE-2020-6073 warning

CVE-2020-6077 warning

CVE-2020-6078 warning

CVE-2020-6079 warning

Solution

Update to the latest version

Download VLC media player

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• VLC media player version 3.0.0 to 3.0.8