Intrusion Prevention

VLC.Media.Player.mp4.trun.Atom.NULL.Pointer.Dereference

Description

This indicates an attack attempt against a Null Pointer Dereference vulnerability in VLC which is a cross-platform media player.
The vulnerability is due to insufficient validation on the value of the 'size' field in atom 'trun' when parsing "traf" atoms. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

VLC media player 2.2.1
Prior versions may be affected too

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version which can be downloaded from http://www.videolan.org/index.html.