CVE-2010-1444
published 2014-12-26
CVE-2010-1444: The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and…
Priority P337 · high · 7.5 (CVSS 2.0) · AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.58% (88.0th percentile)
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
Affected
49 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vlc | < vlc 1.0.6-1 (bookworm) | vlc 1.0.6-1 (bookworm) |
| videolan | vlc_media_player | <= 1.0.5 | — |
| videolan | vlc_media_player | — | — |
CVSS provenance
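| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 7.5 | HIGH | — |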
GHSA
GHSA-6cx8-r89x-xwjj: The ZIP archive decompressor in VideoLAN VLC media player before 1
ghsa_unreviewed·2022-05-02
CVE-2010-1444 [HIGH] CWE-119 GHSA-6cx8-r89x-xwjj: The ZIP archive decompressor in VideoLAN VLC media player before 1
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
OSV
CVE-2010-1444: The ZIP archive decompressor in VideoLAN VLC media player before 1
osv·2014-12-26·CVSS 7.5
CVE-2010-1444 [HIGH] CVE-2010-1444: The ZIP archive decompressor in VideoLAN VLC media player before 1
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
Red Hat
HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
vendor_redhat·2010-12-10·CVSS 9.3
CVE-2010-4383 [CRITICAL] HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 12.0.0.1444, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted RA5 file.
Debian
CVE-2010-1444: vlc - The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows re...
vendor_debian·2010·CVSS 7.5
CVE-2010-1444 [HIGH] CVE-2010-1444: vlc - The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows re...
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
Scope: local
bookworm: resolved (fixed in 1.0.6-1)
bullseye: resolved (fixed in 1.0.6-1)
forky: resolved (fixed in 1.0.6-1)
sid: resolved (fixed in 1.0.6-1)
trixie: resolved (fixed in 1.0.6-1)
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=08813ee6f8eb0faf83790bd4247c0a97af75a1cf
http://openwall.com/lists/oss-security/2010/04/28/4
http://www.videolan.org/security/sa1003.html