Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

1) An array indexing error exists within the Real demuxer when processing certain Real Media files, which can be exploited by e.g. tricking a user into opening a specially crafted Real Media file.

2) An error exists within the "DecodeTileBlock()" function in modules/codec/cdg.c when processing certain CDG files, which can be exploited by to cause a heap corruption by e.g. tricking a user into opening a specially crafted CDG file.

3) An error exists within the "DecodeScroll()" function in modules/codec/cdg.c when processing certain CDG files, which can be exploited to cause a heap corruption by e.g. tricking a user into opening a specially crafted CDG file.

4) A boundary error within the "StripTags()" functions in modules/codec/subtitles/subsdec.c and modules/codec/subtitles/subsusf.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a media file containing specially crafted subtitles.

The vulnerabilities are reported in version 1.1.5. Prior versions may also be affected.

Solution
Update to version 1.1.6.

Provided and/or discovered by
1,2,3) Dan Rosenberg
4) Harry Sintonen

Changelog
Further details available to Secunia VIM customers

Original Advisory
VideoLAN:
http://www.videolan.org/security/sa1007.html
http://www.videolan.org/security/sa1101.html

Launchpad Bug #690173:
https://bugs.launchpad.net/ubuntu/maverick/+source/vlc/+bug/690173

1) http://git.videolan.org/?p=vlc.git;a=commitdiff;h=6568965770f906d34d4aef83237842a5376adb55
2,3) http://git.videolan.org/?p=vlc.git;a=commitdiff;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
4) http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html

Technical Analysis
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers