VLC Media Player RTSP Remote Buffer Overflow Vulnerability

VLC Media Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

VLC Media Player 1.0.3 is vulnerable; other versions may also be affected.

UPDATE (December 9, 2009): The vendor refutes this issue because they cannot reproduce it with the exploit provided.


 

Copyright 2010, SecurityFocus