9.3

CVE-2012-0023

Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version0.9.0
VideolanVlc Media Player Version0.9.1
VideolanVlc Media Player Version0.9.2
VideolanVlc Media Player Version0.9.3
VideolanVlc Media Player Version0.9.4
VideolanVlc Media Player Version0.9.5
VideolanVlc Media Player Version0.9.6
VideolanVlc Media Player Version0.9.8a
VideolanVlc Media Player Version0.9.9
VideolanVlc Media Player Version0.9.9a
VideolanVlc Media Player Version0.9.10
VideolanVlc Media Player Version1.0.0
VideolanVlc Media Player Version1.0.1
VideolanVlc Media Player Version1.0.2
VideolanVlc Media Player Version1.0.3
VideolanVlc Media Player Version1.0.4
VideolanVlc Media Player Version1.0.5
VideolanVlc Media Player Version1.0.6
VideolanVlc Media Player Version1.1.0
VideolanVlc Media Player Version1.1.1
VideolanVlc Media Player Version1.1.2
VideolanVlc Media Player Version1.1.3
VideolanVlc Media Player Version1.1.4
VideolanVlc Media Player Version1.1.4.1
VideolanVlc Media Player Version1.1.5
VideolanVlc Media Player Version1.1.6
VideolanVlc Media Player Version1.1.6.1
VideolanVlc Media Player Version1.1.7
VideolanVlc Media Player Version1.1.8
VideolanVlc Media Player Version1.1.9
VideolanVlc Media Player Version1.1.10
VideolanVlc Media Player Version1.1.10.1
VideolanVlc Media Player Version1.1.11
VideolanVlc Media Player Version1.1.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.92% 0.91
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06
http://secunia.com/advisories/47325
Vendor Advisory
http://securitytracker.com/id?1026449
http://www.openwall.com/lists/oss-security/2012/10/29/5
http://www.openwall.com/lists/oss-security/2012/10/30/9
http://www.osvdb.org/77975
http://www.securityfocus.com/bid/51231
http://www.videolan.org/security/sa1108.html
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71916
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893