VLC Media Player "smb://" URI Handler ".xspf" File Buffer Overflow Issue
14 September 2010
VLC is a cross-platform multimedia player and framework. VLC is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs when parsing a specially crafted ".xspf" file with the "smb://" URI handler. VLC media player version 1.1.3 is affected.
The existence of a botnet comprising of tens of thousands of compromised routers and other IoT devices is not news. Nevertheless, this latest one is special, as it seems that its herder does not have malicious intentions.