Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6682: Use of Externally-Controlled Format String in VLC

7 documents, 6 sources

Severity: 7.5 HIGH (NVD)
EPSS: 34.4% (top 3.00%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 17, latest update May 1

Description

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: videolan/vlc_media_player < 0.8.6.c-4.1+3
NVD: videolan/vlc 0.8.6d

🔴 Vulnerability Details (3)

GHSA (2022-05-01)
GHSA-prxp-p3xh-w4mq: Format string vulnerability in the httpd_FileCallBack function (network/httpd
OSV (2008-01-17)
CVE-2007-6682: Format string vulnerability in the httpd_FileCallBack function (network/httpd
CVEList (2008-01-17)
CVE-2007-6682: Format string vulnerability in the httpd_FileCallBack function (network/httpd

💥 Exploits & PoCs (2)

Exploit-DB (2015-08-21)
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
Exploit-DB (2008-04-28)
VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String

📋 Vendor Advisories (1)

Debian (2007)
CVE-2007-6682: vlc - Format string vulnerability in the httpd_FileCallBack function (network/httpd.c)...