CVE-2007-3467 — VLC Media Player vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.0%

top 22.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedJun 27

Latest updateMay 1

Description

Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.8.6.c-1+3

▶NVDvideolan/vlc_media_player0.8.6b

Patches

Patch: www.isecpartners.com ↗Patch: www.isecpartners.com ↗

🔴Vulnerability Details

GHSA

GHSA-4h4h-8wm7-vc9v: Integer overflow in the __status_Update function in stats↗2022-05-01

▶

CVEList

CVE-2007-3467: Integer overflow in the __status_Update function in stats↗2007-06-27

▶

OSV

CVE-2007-3467: Integer overflow in the __status_Update function in stats↗2007-06-27

▶

📋Vendor Advisories

Debian

CVE-2007-3467: vlc - Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media P...↗2007

▶