CVE-2007-3468 — VLC Media Player vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.0%

top 22.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedJun 27

Latest updateMay 1

Description

input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.8.6.c.debian-1+3

▶NVDvideolan/vlc_media_player0.8.6b

Patches

Patch: www.isecpartners.com ↗Patch: www.isecpartners.com ↗

🔴Vulnerability Details

GHSA

GHSA-jpg5-4x2v-qmh4: input↗2022-05-01

▶

CVEList

CVE-2007-3468: input↗2007-06-27

▶

OSV

CVE-2007-3468: input↗2007-06-27

▶

📋Vendor Advisories

Debian

CVE-2007-3468: vlc - input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to ca...↗2007

▶