Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6283 — Improper Input Validation in VLC Media Player

CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.5HIGHNVD

EPSS

9.8%

top 7.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player

Timeline

PublishedOct 25

Latest updateMay 17

Description

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 2.1.0-2+3

▶NVDvideolan/vlc_media_player2.0.8+32

🔴Vulnerability Details

GHSA

GHSA-p44r-rrvj-56v9: VideoLAN VLC Media Player 2↗2022-05-17

▶

OSV

CVE-2013-6283: VideoLAN VLC Media Player 2↗2013-10-25

▶

CVEList

CVE-2013-6283: VideoLAN VLC Media Player 2↗2013-10-25

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)↗2013-08-19

▶

📋Vendor Advisories

Debian

CVE-2013-6283: vlc - VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a d...↗2013

▶