
CVE Reference: CVE-2007-0017

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0017

Description: Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

CVE Status: Candidate

References:
XF: http://xforce.iss.net/xforce/xfdb/31226
SUSE: http://www.novell.com/linux/security/advisories/2007_13_xine.html
ST: 1017464
SAID: Secunia Advisory: SA23592
SAID: Secunia Advisory: SA23829
SAID: Secunia Advisory: SA23910
SAID: Secunia Advisory: SA23971
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14313
OSVDB: 31163
MLIST: http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html
MISC: http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html
MISC: http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html
MISC: http://projects.info-pull.com/moab/MOAB-02-01-2007.html
GENTOO: http://security.gentoo.org/glsa/glsa-200701-24.xml
DEBIAN: http://www.debian.org/security/2007/dsa-1252
CONFIRM: http://www.videolan.org/sa0701.html
CONFIRM: http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch
CONFIRM: http://trac.videolan.org/vlc/changeset/18481
BID: 21852