CVE-2010-1443
published 2014-12-26CVE-2010-1443: The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to…
PriorityP419medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.45%
82.4th percentile
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 1.0.6-1 (bookworm) | vlc 1.0.6-1 (bookworm) |
| videolan | vlc_media_player | <= 1.0.5 | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
| videolan | vlc_media_player | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3g28-22mv-7m5h: The parse_track_node function in modules/demux/playlist/xspf
ghsa_unreviewed·2022-05-02
CVE-2010-1443 [MEDIUM] GHSA-3g28-22mv-7m5h: The parse_track_node function in modules/demux/playlist/xspf
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
OSV
CVE-2010-1443: The parse_track_node function in modules/demux/playlist/xspf
osv·2014-12-26·CVSS 5.0
CVE-2010-1443 [MEDIUM] CVE-2010-1443: The parse_track_node function in modules/demux/playlist/xspf
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
Debian
CVE-2010-1443: vlc - The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playl...
vendor_debian·2010·CVSS 5.0
CVE-2010-1443 [MEDIUM] CVE-2010-1443: vlc - The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playl...
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
Scope: local
bookworm: resolved (fixed in 1.0.6-1)
bullseye: resolved (fixed in 1.0.6-1)
forky: resolved (fixed in 1.0.6-1)
sid: resolved (fixed in 1.0.6-1)
trixie: resolved (fixed in 1.0.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753http://openwall.com/lists/oss-security/2010/04/28/4http://www.videolan.org/security/sa1003.htmlhttp://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753http://openwall.com/lists/oss-security/2010/04/28/4http://www.videolan.org/security/sa1003.html
2014-12-26
Published