Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0364 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

6.7%

top 8.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player

Timeline

PublishedJan 21

Latest updateMay 2

Description

Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 0.8.6.c-4.1+3

▶NVDvideolan/vlc_media_player0.8.6

🔴Vulnerability Details

GHSA

GHSA-g7vj-rmhg-q3rh: Stack-based buffer overflow in VideoLAN VLC Media Player 0↗2022-05-02

▶

CVEList

CVE-2010-0364: Stack-based buffer overflow in VideoLAN VLC Media Player 0↗2010-01-21

▶

OSV

CVE-2010-0364: Stack-based buffer overflow in VideoLAN VLC Media Player 0↗2010-01-21

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Local Buffer Overflow↗2010-01-17

▶

📋Vendor Advisories

Debian

CVE-2010-0364: vlc - Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assis...↗2010

▶