VideoLAN VLC media player version 0.8.6i contains an integer overflow that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user.
The vulnerability is due to an integer overflow error in the VideoLAN Client (VLC) media player when it processes True Audio (TTA) files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to view a malicious TTA file with the affected application. This could result in code execution with the privileges of the user.
Proof-of-concept code is publicly available.
VideoLAN has confirmed this vulnerability in an e-mail to a mailing list, and updated software is available.
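
The bug class described above, as an added C example that is not VLC's code and is not taken from the advisory: a seek-table size derived from TTA header fields with unchecked 32-bit arithmetic, beside a checked version that a parser can use to reject such files. The TTA1 header layout (22 bytes, sample rate at offset 10, sample count at offset 14), the 256 × rate / 245 frame length, the 16 MiB cap and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TTA_HEADER_LEN    22u          /* assumed: "TTA1" + 3*u16 + 3*u32 */
#define TTA_MAX_SEEKTABLE (16u << 20)  /* assumed policy cap: 16 MiB */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked 32-bit arithmetic: the product wraps modulo 2^32, so a huge
 * frame count yields a tiny allocation size. */
uint32_t seektable_bytes_unchecked(uint32_t frames) {
    return frames * (uint32_t)sizeof(uint32_t);
}

/* Checked version: returns the seek-table size in bytes, or -1 to reject. */
long long tta_seektable_bytes(const uint8_t *hdr, size_t len, size_t file_size) {
    if (len < TTA_HEADER_LEN || memcmp(hdr, "TTA1", 4) != 0)
        return -1;
    uint32_t sample_rate = rd_le32(hdr + 10);
    uint32_t data_length = rd_le32(hdr + 14);      /* total samples */

    uint64_t frame_len = (uint64_t)sample_rate * 256u / 245u;
    if (frame_len == 0)
        return -1;                                  /* no divide by zero */

    uint64_t frames = data_length / frame_len + (data_length % frame_len != 0);
    uint64_t bytes  = frames * sizeof(uint32_t);    /* cannot wrap in 64 bits */

    /* The table must fit the cap and the bytes actually present in the file. */
    if (bytes > TTA_MAX_SEEKTABLE || file_size < TTA_HEADER_LEN ||
        bytes > file_size - TTA_HEADER_LEN)
        return -1;
    return (long long)bytes;
}

/* Builds a constructed sample header and runs the checked computation on it. */
long long check_constructed(uint32_t rate, uint32_t samples, size_t file_size) {
    uint8_t h[TTA_HEADER_LEN] = "TTA1";             /* remaining bytes are zero */
    for (int i = 0; i < 4; i++) {
        h[10 + i] = (uint8_t)(rate >> (8 * i));
        h[14 + i] = (uint8_t)(samples >> (8 * i));
    }
    return tta_seektable_bytes(h, sizeof h, file_size);
}
```
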