cbcvebase.
CVE-2012-5855
published 2013-07-10

CVE-2012-5855: The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a…

PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
1.21%
64.8th percentile
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianvlc
videolanvlc_media_player<= 2.0.4
videolanvlc_media_player
videolanvlc_media_player
videolanvlc_media_player
videolanvlc_media_player

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.