CVE-2007-3316 — Use of Externally-Controlled Format String in VLC Media Player

5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

30.3%

top 3.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedJun 21

Latest updateMay 1

Description

Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.8.6.c-1+3

▶NVDvideolan/vlc_media_player0.8.6a, 0.8.6b+1

Patches

Patch: secunia.com ↗Patch: www.videolan.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-qf8q-r97f-f4p9: Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0↗2022-05-01

▶

CVEList

CVE-2007-3316: Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0↗2007-06-21

▶

OSV

CVE-2007-3316: Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0↗2007-06-21

▶

📋Vendor Advisories

Debian

CVE-2007-3316: vlc - Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player b...↗2007

▶