Fortinet Discovers VLC Media Player mp4 File 'trun' Atom Handling NULL Pointer Dereference Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a null pointer dereference vulnerability in VLC media player.
VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.
The null pointer dereference vulnerability exists because the value of the 'size' field in the 'trun' atom is insufficiently sanitized when 'traf' atoms in an MP4 file are parsed.
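The class of check the summary refers to, as an added example that is not VLC's or Fortinet's code: a walker over the children of a 'traf' payload that validates every atom 'size' against the bytes left in the parent before using it, and leaves the output pointer NULL on failure. The names `find_trun` and `BOX_*` are hypothetical, the sample bytes are constructed, and rejecting a nested size of 0 is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BOX_OK = 0, BOX_NOT_FOUND = 1, BOX_BAD_SIZE = -1 };  /* hypothetical codes */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the child atoms of a 'traf' payload and locate the first 'trun'.
 * Each size field is checked against the bytes left in the parent before use.
 * On BOX_OK, *body and *body_len describe the trun payload; on any other
 * result *body stays NULL and the caller must not dereference it. */
int find_trun(const uint8_t *traf, size_t len, const uint8_t **body, size_t *body_len) {
    size_t off = 0;
    if (!traf || !body || !body_len) return BOX_BAD_SIZE;
    *body = NULL;
    *body_len = 0;
    while (len - off >= 8) {
        uint64_t size = be32(traf + off);
        size_t hdr = 8;
        if (size == 1) {                      /* 64-bit largesize follows the type */
            if (len - off < 16) return BOX_BAD_SIZE;
            size = ((uint64_t)be32(traf + off + 8) << 32) | be32(traf + off + 12);
            hdr = 16;
        }
        /* Rejects size 0, sizes shorter than the header, and sizes past the parent. */
        if (size < hdr || size > len - off) return BOX_BAD_SIZE;
        if (memcmp(traf + off + 4, "trun", 4) == 0) {
            if (size - hdr < 8) return BOX_BAD_SIZE;  /* version/flags + sample_count */
            *body = traf + off + hdr;
            *body_len = (size_t)(size - hdr);
            return BOX_OK;
        }
        off += (size_t)size;
    }
    return off == len ? BOX_NOT_FOUND : BOX_BAD_SIZE;  /* trailing bytes are an error */
}

/* Constructed sample: a 'tfhd' atom followed by a 'trun' atom, 16 bytes each. */
static const uint8_t SAMPLE_TRAF[32] = {
    0,0,0,16, 't','f','h','d', 0,0,0,0, 0,0,0,1,
    0,0,0,16, 't','r','u','n', 0,0,0,0, 0,0,0,0 };

int main(void) {
    const uint8_t *body; size_t n;
    int rc = find_trun(SAMPLE_TRAF, sizeof SAMPLE_TRAF, &body, &n);
    printf("rc=%d payload=%zu bytes\n", rc, n);
    return rc == BOX_OK ? 0 : 1;
}
```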
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: VLC.Media.Player.mp4.trun.Atom.NULL.Pointer.Dereference
Released May 01, 2015
Users should apply the solution provided by VideoLAN.