CVE-2008-2147
published 2008-05-12CVE-2008-2147: Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or…
PriorityP414medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.42%
33.4th percentile
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 0.8.6.e-2.2 (bookworm) | vlc 0.8.6.e-2.2 (bookworm) |
| videolan | vlc | <= 0.8.6 | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
| videolan | vlc | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f2wq-qcrw-36wc: Untrusted search path vulnerability in VideoLAN VLC before 0
ghsa_unreviewed·2022-05-01
CVE-2008-2147 [MEDIUM] GHSA-f2wq-qcrw-36wc: Untrusted search path vulnerability in VideoLAN VLC before 0
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
OSV
CVE-2008-2147: Untrusted search path vulnerability in VideoLAN VLC before 0
osv·2008-05-12·CVSS 4.6
CVE-2008-2147 [MEDIUM] CVE-2008-2147: Untrusted search path vulnerability in VideoLAN VLC before 0
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Debian
CVE-2008-2147: vlc - Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local us...
vendor_debian·2008·CVSS 4.6
CVE-2008-2147 [MEDIUM] CVE-2008-2147: vlc - Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local us...
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-2.2)
bullseye: resolved (fixed in 0.8.6.e-2.2)
forky: resolved (fixed in 0.8.6.e-2.2)
sid: resolved (fixed in 0.8.6.e-2.2)
trixie: resolved (fixed in 0.8.6.e-2.2)
No detection rules found.
No writeups or analysis indexed.
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181http://secunia.com/advisories/31317http://security.gentoo.org/glsa/glsa-200807-13.xmlhttp://trac.videolan.org/vlc/ticket/1578https://exchange.xforce.ibmcloud.com/vulnerabilities/42377http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181http://secunia.com/advisories/31317http://security.gentoo.org/glsa/glsa-200807-13.xmlhttp://trac.videolan.org/vlc/ticket/1578https://exchange.xforce.ibmcloud.com/vulnerabilities/42377
2008-05-12
Published