Information

Potential heap based buffer overflow in ParseJSS due to skipping NULL terminator in an input string.
Allows attacker to execute arbitrary code.
Poc for trigger included.


Attachments:
crash-skip-null.srt

References:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=9726bc26bb61c0062f4a8b27211ba5f7fdf8045b;hp=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hb=f2b1f9e3538fc30ecc22b90bcb4300f68d703d30;hpb=e6a3b00b02c90f2e52bba530da736d3079d40626