CVE-2010-2937: Improper Input Validation in VLC Media Player

Severity: 5.0 MEDIUM (NVD)
EPSS: 1.4% (top 19.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 20
Latest update: May 17

Description

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: videolan/vlc_media_player < 1.1.3-1 +3
NVD: videolan/vlc_media_player, 22 versions +21

🔴 Vulnerability Details (3)

GHSA: GHSA-h79h-2326-9h3v: The ReadMetaFromId3v2 function in taglib (2022-05-17)
OSV: CVE-2010-2937: The ReadMetaFromId3v2 function in taglib (2010-08-20)
CVEList: CVE-2010-2937: The ReadMetaFromId3v2 function in taglib (2010-08-20)

📋 Vendor Advisories (1)

Debian: CVE-2010-2937: vlc - The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VL... (2010)