CVE-2012-2396
Published 2012-04-19
CVE-2012-2396: VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Priority: P4 · 18 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.29% (93.6th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | taglib | < taglib 1.7.2-1 (bookworm) | taglib 1.7.2-1 (bookworm) |
| debian | vlc | < taglib 1.7.2-1 (bookworm) | taglib 1.7.2-1 (bookworm) |
| taglib | taglib | >= 0 < 1.7.2-1 | 1.7.2-1 |
| taglib | taglib | >= 0 < 1.7.2-1 | 1.7.2-1 |
| taglib | taglib | >= 0 < 1.7.2-1 | 1.7.2-1 |
| taglib | taglib | >= 0 < 1.7.2-1 | 1.7.2-1 |
| videolan | vlc_media_player | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 MEDIUM
vendor_debian · 4.3 LOW
vendor_redhat · 4.3 MEDIUM
GHSA
GHSA-w4px-4wpx-8xhm: VideoLAN VLC media player 2
ghsa_unreviewed·2022-05-17
CVE-2012-2396 [MEDIUM] GHSA-w4px-4wpx-8xhm: VideoLAN VLC media player 2
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
OSV
CVE-2012-2396: VideoLAN VLC media player 2
osv·2012-04-19·CVSS 4.3
CVE-2012-2396 [MEDIUM] CVE-2012-2396: VideoLAN VLC media player 2
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Red Hat
taglib: Division by zero while parsing properties of certain MP4 audio files
vendor_redhat·2012-04-20·CVSS 4.3
CVE-2012-2396 [MEDIUM] taglib: Division by zero while parsing properties of certain MP4 audio files
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Statement: This issue affects the version of the taglib package as shipped with Red Hat Enterprise Linux 6. The taglib library is used in client applications only though. Red Hat Security Response Team does not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue.
Package: taglib (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2012-2396: taglib - VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of ser...
vendor_debian·2012·CVSS 4.3
CVE-2012-2396 [MEDIUM] CVE-2012-2396: taglib - VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of ser...
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Scope: local
bookworm: resolved (fixed in 1.7.2-1)
bullseye: resolved (fixed in 1.7.2-1)
forky: resolved (fixed in 1.7.2-1)
sid: resolved (fixed in 1.7.2-1)
trixie: resolved (fixed in 1.7.2-1)
No detection rules found.
http://www.exploit-db.com/exploits/18757/
https://exchange.xforce.ibmcloud.com/vulnerabilities/75038
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615
Published: 2012-04-19