Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VideoLAN VLC media player 缓冲区错误漏洞
Vulnerability Description
VideoLAN VLC media player是法国VideoLAN组织的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV,MP3等)等。 VideoLAN VLC media player 2.1.6之前版本中的Updater的misc/update.c文件的‘GetUpdateFile’函数存在缓冲区错误漏洞,该漏洞源于程序错误地将64位整数转换成32位整数。远程攻击者可通过特制的更新状态文件利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A