VideoLAN, a project and a non-profit organization.

Security Advisory 1001

Summary           : Clam AntiVirus input validation error
Date              : February 2010
Affected versions : VLC media player 1.0.5 for Windows
                    Clam AntiVirus all versions
ID                : VideoLAN-SA-1001
CVE reference     : N/A

Details

Clam AntiVirus incorrectly identifies the x86 SSE2-accelerated I:4:2:2 chroma conversion plugin as a computer trojan. This affects builds of VLC media player made with recent versions of the MinGW compilation toolchain.

Impact

Copying, installing and/or using VLC media player or applications based on LibVLC may be impossible.

Threat mitigation

This issue only affects users of Clam AntiVirus or anti-virus software using the same virus database.

Solution

Remove Clam AntiVirus before downloading VLC media player.

An anti-virus database has to be up-to-date to be of much use. Around 20% of tested antivirus products incorrectly detected VLC 1.0.5 as a trojan at the time of release. Kaspersky Anti-Virus was updated within one business day. The VideoLAN project advises against the use of Clam AntiVirus. Users should not rely on security software that fails to be updated within a full month (to date).

Credits

This vulnerability was reported by many different people individually.

References

The VideoLAN project
http://www.videolan.org/

History

28 January 2010
VLC media player 1.0.5 released.
15 February 2010 (probably earlier)
Vendor notification.
28 February 2010
Initial security advisory.

Rémi Denis-Courmont,
on behalf of the VideoLAN project