Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3275 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

9.3CRITICALNVD

EPSS

86.2%

top 0.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player

Timeline

PublishedMar 28

Latest updateMay 14

Description

libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 1.1.8-1+3

▶NVDvideolan/vlc_media_player1.1.7+69

Patches

Patch: www.videolan.org ↗Patch: www.videolan.org ↗

🔴Vulnerability Details

GHSA

GHSA-2r97-vr7q-6pw9: libdirectx_plugin↗2022-05-14

▶

CVEList

CVE-2010-3275: libdirectx_plugin↗2011-03-28

▶

OSV

CVE-2010-3275: libdirectx_plugin↗2011-03-28

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer (Metasploit)↗2011-03-26

▶

📋Vendor Advisories

Debian

CVE-2010-3275: vlc - libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote at...↗2010

▶

💬Community

Bugzilla

CVE-2010-0650 webkit: remote bypass of popup window block settings↗2010-02-24

▶