VLC 3.0.23 VP9 Resolution-Change Crash
A 405-byte IVF file with a 64×64 frame followed by a 64×8192 frame hits a stale slice-thread entries allocation. Research toward stronger impact is ongoing.
Summary
This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.
Key Findings
| Finding | Detail |
|---|---|
| Product / target | VLC 3.0.23 Windows VP9 decoder |
| Primitive | `sb_rows` allocation is too small after the height changes between frames |
| Impact | Denial of service / memory corruption primitive in VP9 resolution change path. |
Attack Chain
IVF frame 1 (64×64) → frame 2 (64×8192) → decoder uses stale entries buffer
Mitigation
Update VLC/FFmpeg VP9 builds; avoid autoplay of untrusted VP9 IVF.
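
The primitive in the Key Findings table, as an added C example: a simplified model written for this summary, not VLC or FFmpeg source. It contrasts a per-row buffer that is allocated once with one that is re-sized when the frame height changes. Only `sb_rows` comes from the page; the `Decoder` struct, the function names and the one-slot-per-superblock-row layout are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, not decoder source. Only sb_rows is named on the page. */
typedef struct {
    unsigned sb_rows;       /* superblock rows of the current frame */
    unsigned entries_rows;  /* rows the entries buffer was allocated for */
    int32_t *entries;       /* assumed layout: one slot per superblock row */
} Decoder;

/* VP9 superblocks are 64x64 pixels, so rows = ceil(height / 64). */
static unsigned sb_rows_for(unsigned height) { return (height + 63) >> 6; }

/* Flawed pattern: allocate on the first frame, never revisit the size. */
int frame_start_stale(Decoder *d, unsigned height) {
    d->sb_rows = sb_rows_for(height);
    if (!d->entries) {
        d->entries = calloc(d->sb_rows, sizeof *d->entries);
        if (!d->entries) return -1;
        d->entries_rows = d->sb_rows;
    }
    return 0;
}

/* Hardened pattern: re-size whenever the row count differs from the buffer. */
int frame_start_checked(Decoder *d, unsigned height) {
    unsigned rows = sb_rows_for(height);
    if (!d->entries || rows != d->entries_rows) {
        int32_t *p = calloc(rows, sizeof *p);
        if (!p) return -1;
        free(d->entries);
        d->entries = p;
        d->entries_rows = rows;
    }
    d->sb_rows = rows;
    return 0;
}

/* Rows that per-row workers would index past the end of the buffer. */
unsigned rows_out_of_bounds(const Decoder *d) {
    return d->sb_rows > d->entries_rows ? d->sb_rows - d->entries_rows : 0;
}

int main(void) {
    Decoder a = {0}, b = {0};
    frame_start_stale(&a, 64);   frame_start_stale(&a, 8192);
    frame_start_checked(&b, 64); frame_start_checked(&b, 8192);
    printf("stale: %u rows past buffer, checked: %u\n",
           rows_out_of_bounds(&a), rows_out_of_bounds(&b));
    free(a.entries); free(b.entries);
    return 0;
}
```

The model only counts the rows that fall outside the buffer; it never touches them, so it is safe to run under a sanitizer or in CI as a regression check for this class of bug.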