An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode functions return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libmicrodns | Videolabs | 0.1.0 (including) | 0.1.0 (including) |
Libmicrodns | Ubuntu | bionic | * |
Libmicrodns | Ubuntu | eoan | * |
Libmicrodns | Ubuntu | trusty | * |
Libmicrodns | Ubuntu | upstream | * |
Vlc | Ubuntu | bionic | * |
Vlc | Ubuntu | groovy | * |
Vlc | Ubuntu | hirsute | * |
Vlc | Ubuntu | impish | * |
Vlc | Ubuntu | kinetic | * |
Vlc | Ubuntu | lunar | * |
Vlc | Ubuntu | mantic | * |
Vlc | Ubuntu | trusty | * |
Vlc | Ubuntu | xenial | * |