CVE-2007-6684Improper Input Validation in VLC

CWE-20Improper Input Validation5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 24.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Videolan VLC Media PlayerVideolan VLC
Timeline
PublishedJan 17
Latest updateMay 1

Description

The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianvideolan/vlc_media_player< 0.8.6.c-4.1+3
NVDvideolan/vlc0.8.6d

🔴Vulnerability Details

3
GHSA
GHSA-wrpc-hp74-59hv: The RTSP module in VideoLAN VLC 02022-05-01
CVEList
CVE-2007-6684: The RTSP module in VideoLAN VLC 02008-01-17
OSV
CVE-2007-6684: The RTSP module in VideoLAN VLC 02008-01-17

📋Vendor Advisories

1
Debian
CVE-2007-6684: vlc - The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial...2007
CVE-2007-6684 — Improper Input Validation in VLC | cvebase