9.3

CVE-2010-3907

Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version <= 1.1.5
VideolanVlc Media Player Version0.1.99b
VideolanVlc Media Player Version0.1.99e
VideolanVlc Media Player Version0.1.99f
VideolanVlc Media Player Version0.1.99g
VideolanVlc Media Player Version0.1.99h
VideolanVlc Media Player Version0.1.99i
VideolanVlc Media Player Version0.2.0
VideolanVlc Media Player Version0.2.60
VideolanVlc Media Player Version0.2.61
VideolanVlc Media Player Version0.2.62
VideolanVlc Media Player Version0.2.63
VideolanVlc Media Player Version0.2.70
VideolanVlc Media Player Version0.2.71
VideolanVlc Media Player Version0.2.72
VideolanVlc Media Player Version0.2.73
VideolanVlc Media Player Version0.2.80
VideolanVlc Media Player Version0.2.81
VideolanVlc Media Player Version0.2.82
VideolanVlc Media Player Version0.2.83
VideolanVlc Media Player Version0.2.90
VideolanVlc Media Player Version0.2.91
VideolanVlc Media Player Version0.2.92
VideolanVlc Media Player Version0.3.0
VideolanVlc Media Player Version0.3.1
VideolanVlc Media Player Version0.4.0
VideolanVlc Media Player Version0.4.1
VideolanVlc Media Player Version0.4.2
VideolanVlc Media Player Version0.4.3
VideolanVlc Media Player Version0.4.4
VideolanVlc Media Player Version0.4.5
VideolanVlc Media Player Version0.4.6
VideolanVlc Media Player Version0.5.0
VideolanVlc Media Player Version0.5.1
VideolanVlc Media Player Version0.5.2
VideolanVlc Media Player Version0.5.3
VideolanVlc Media Player Version0.6.0
VideolanVlc Media Player Version0.6.1
VideolanVlc Media Player Version0.6.2
VideolanVlc Media Player Version0.7.0
VideolanVlc Media Player Version0.7.2
VideolanVlc Media Player Version0.8.0
VideolanVlc Media Player Version0.8.1
VideolanVlc Media Player Version0.8.2
VideolanVlc Media Player Version0.8.4
VideolanVlc Media Player Version0.8.5
VideolanVlc Media Player Version0.8.6
VideolanVlc Media Player Version0.9.2
VideolanVlc Media Player Version0.9.3
VideolanVlc Media Player Version0.9.4
VideolanVlc Media Player Version0.9.5
VideolanVlc Media Player Version0.9.6
VideolanVlc Media Player Version0.9.8a
VideolanVlc Media Player Version0.9.9
VideolanVlc Media Player Version0.9.10
VideolanVlc Media Player Version1.0.0
VideolanVlc Media Player Version1.0.1
VideolanVlc Media Player Version1.0.2
VideolanVlc Media Player Version1.0.3
VideolanVlc Media Player Version1.0.4
VideolanVlc Media Player Version1.0.5
VideolanVlc Media Player Version1.0.6
VideolanVlc Media Player Version1.1.0
VideolanVlc Media Player Version1.1.1
VideolanVlc Media Player Version1.1.2
VideolanVlc Media Player Version1.1.3
VideolanVlc Media Player Version1.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.77% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55
http://www.cs.brown.edu/people/drosenbe/research.html
http://www.securityfocus.com/bid/45632
http://www.videolan.org/security/sa1007.html
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3345
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/64461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950