CVE-2007-0017 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0017
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0017

Description: Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/31226 SUSE http://www.novell.com/linux/security/advisories/2007_13_xine.html ST 1017464 SAID Secunia Advisory: SA23592 Secunia Advisory: SA23829 Secunia Advisory: SA23910 Secunia Advisory: SA23971 OSVDB 31163 MLIST http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html http://projects.info-pull.com/moab/MOAB-02-01-2007.html GENTOO http://security.gentoo.org/glsa/glsa-200701-24.xml DEBIAN http://www.debian.org/security/2007/dsa-1252 CONFIRM http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch http://www.videolan.org/sa0701.html http://trac.videolan.org/vlc/changeset/18481 BID 21852

Return to the previous page.