7.5

CVE-2010-2062

Exploit
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version <= 1.0.0
VideolanVlc Media Player Version0.5.0
VideolanVlc Media Player Version0.5.1
VideolanVlc Media Player Version0.5.2
VideolanVlc Media Player Version0.5.3
VideolanVlc Media Player Version0.6.0
VideolanVlc Media Player Version0.6.1
VideolanVlc Media Player Version0.6.2
VideolanVlc Media Player Version0.7.0
VideolanVlc Media Player Version0.7.1
VideolanVlc Media Player Version0.7.2
VideolanVlc Media Player Version0.8.0
VideolanVlc Media Player Version0.8.1
VideolanVlc Media Player Version0.8.2
VideolanVlc Media Player Version0.8.4
VideolanVlc Media Player Version0.8.4a
VideolanVlc Media Player Version0.8.5
VideolanVlc Media Player Version0.8.6
VideolanVlc Media Player Version0.8.6a
VideolanVlc Media Player Version0.8.6b
VideolanVlc Media Player Version0.8.6c
VideolanVlc Media Player Version0.8.6d
VideolanVlc Media Player Version0.8.6e
VideolanVlc Media Player Version0.8.6f
VideolanVlc Media Player Version0.8.6g
VideolanVlc Media Player Version0.8.6h
VideolanVlc Media Player Version0.8.6i
VideolanVlc Media Player Version0.8.1337
VideolanVlc Media Player Version0.9.0
VideolanVlc Media Player Version0.9.1
VideolanVlc Media Player Version0.9.2
VideolanVlc Media Player Version0.9.3
VideolanVlc Media Player Version0.9.4
VideolanVlc Media Player Version0.9.5
VideolanVlc Media Player Version0.9.6
VideolanVlc Media Player Version0.9.8a
VideolanVlc Media Player Version0.9.9
VideolanVlc Media Player Version0.9.9a
VideolanVlc Media Player Version0.9.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.4% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca
http://openwall.com/lists/oss-security/2010/06/04/4
http://seclists.org/fulldisclosure/2009/Jul/418
Exploit
https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
Exploit