CVE-2012-5855 — VLC Media Player vulnerability

CWE-1895 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 42.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedJul 10

Latest updateMay 17

Description

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDvideolan/vlc_media_player2.0.4+4

🔴Vulnerability Details

GHSA

GHSA-f677-mr7q-hh8x: The SHAddToRecentDocs function in VideoLAN VLC media player 2↗2022-05-17

▶

CVEList

CVE-2012-5855: The SHAddToRecentDocs function in VideoLAN VLC media player 2↗2013-07-10

▶

OSV

CVE-2012-5855: The SHAddToRecentDocs function in VideoLAN VLC media player 2↗2013-07-10

▶

📋Vendor Advisories

Debian

CVE-2012-5855: vlc - The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier mi...↗2012

▶