OFFSITE.DARK
← Signals

Jun 29, 2026

1 min

Sploitus / Exploitarium

  • vlc
  • vp9
  • crash
  • exploitarium

news

VLC 3.0.23 VP9 Resolution-Change Crash

405-byte IVF 64×64 then 64×8192 frame hits stale slice-thread entries allocation — research ongoing toward stronger impact.

Summary

405-byte IVF 64×64 then 64×8192 frame hits stale slice-thread entries allocation — research ongoing toward stronger impact. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.

Key Findings

FindingDetail
Product / targetVLC 3.0.23 Windows VP9 decoder
Primitivesb_rows allocation too small for height change between frames
ImpactDenial of service / memory corruption primitive in VP9 resolution change path.

Attack Chain

IVF frame1 64x64 → frame2 64x8192 → decoder uses stale entries buffer

Mitigation

Update VLC/FFmpeg VP9 builds; avoid autoplay of untrusted VP9 IVF.

Related Signals

Sources

→ Source