CVE-2013-3245: Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

Severity: 6.3 MEDIUM (NVD)
EPSS: 1.9% (top 16.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 10
Latest update: May 17

Description

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

GHSA
GHSA-h6w8-g5hj-f5pr: ** DISPUTED ** plugins/demux/libmkv_plugin (2022-05-17)
CVEList
CVE-2013-3245: plugins/demux/libmkv_plugin (2013-07-10)
OSV
CVE-2013-3245: plugins/demux/libmkv_plugin (2013-07-10)

📋 Vendor Advisories (1)

Debian
CVE-2013-3245: vlc - plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly... (2013)