CVE-2013-3245

Exploit

EPSS 1.87%
Veröffentlicht 10.07.2013 19:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle PSIRT-CNA@flexerasoftware.com
CVE-Watchlists
Login
Unerledigt
Login

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception.  NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Videolan ≫ Vlc Media Player Version2.0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.87%	0.823

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://seclists.org/fulldisclosure/2013/Jul/71

Exploit

http://seclists.org/fulldisclosure/2013/Jul/77

http://seclists.org/fulldisclosure/2013/Jul/79

http://secunia.com/advisories/52956

Vendor Advisory

http://secunia.com/blog/372/

Vendor Advisory

http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia

http://www.securityfocus.com/bid/61032

https://nvd.nist.gov/vuln/detail/CVE-2013-3245

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3245

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3245

EUVD