Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5470Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
17.0%
top 5.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedOct 26
Latest updateMay 17

Description

libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianvideolan/vlc_media_player< 2.0.4-1+3

🔴Vulnerability Details

3
GHSA
GHSA-qw5j-q494-hwmx: libpng_plugin in VideoLAN VLC media player 22022-05-17
CVEList
CVE-2012-5470: libpng_plugin in VideoLAN VLC media player 22012-10-26
OSV
CVE-2012-5470: libpng_plugin in VideoLAN VLC media player 22012-10-26

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player 2.0.3 - '.png' ReadAV Crash (PoC)2012-10-11

📋Vendor Advisories

1
Debian
CVE-2012-5470: vlc - libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to caus...2012
CVE-2012-5470 — Videolan VLC Media Player vulnerability | cvebase