cbcvebase.
CVE-2007-3316
published 2007-06-21

Priority: P346, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 17.08% (96.7th percentile)

Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | vlc | < vlc 0.8.6.c-1 (bookworm) | vlc 0.8.6.c-1 (bookworm)
videolan | vlc_media_player | |
videolan | vlc_media_player | |
videolan | vlc_media_player | >= 0 < 0.8.6.c-1 | 0.8.6.c-1
videolan | vlc_media_player | >= 0 < 0.8.6.c-1 | 0.8.6.c-1
videolan | vlc_media_player | >= 0 < 0.8.6.c-1 | 0.8.6.c-1
videolan | vlc_media_player | >= 0 < 0.8.6.c-1 | 0.8.6.c-1

CVSS provenance

nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C
osv | | 9.3 | CRITICAL |
vendor_debian | | 9.3 | MEDIUM |