Vulnerabilities > CVE-2007-0017 - USE of Externally-Controlled Format String vulnerability in Videolan VLC Media Player
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200701-24.NASL description The remote host is affected by the vulnerability described in GLSA-200701-24 (VLC media player: Format string vulnerability) Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact : An attacker could entice a user to open a specially crafted media location or M3U file with VLC media player, and execute arbitrary code on the system with the rights of the user running VLC media player. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 24309 published 2007-02-09 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24309 title GLSA-200701-24 : VLC media player: Format string vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200701-24. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(24309); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2007-0017"); script_xref(name:"GLSA", value:"200701-24"); script_name(english:"GLSA-200701-24 : VLC media player: Format string vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200701-24 (VLC media player: Format string vulnerability) Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings. Impact : An attacker could entice a user to open a specially crafted media location or M3U file with VLC media player, and execute arbitrary code on the system with the rights of the user running VLC media player. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200701-24" ); script_set_attribute( attribute:"solution", value: "All VLC media player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/vlc-0.8.6-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:vlc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"media-video/vlc", unaffected:make_list("ge 0.8.6-r1"), vulnerable:make_list("lt 0.8.6-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "VLC media player"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1252.NASL description Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 24291 published 2007-02-09 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24291 title Debian DSA-1252-1 : vlc - format string code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1252. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(24291); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-0017"); script_bugtraq_id(21852); script_xref(name:"DSA", value:"1252"); script_name(english:"Debian DSA-1252-1 : vlc - format string"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405425" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2007/dsa-1252" ); script_set_attribute( attribute:"solution", value: "Upgrade the vlc packages. For the stable distribution (sarge) this problem has been fixed in version 0.8.1.svn20050314-1sarge2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vlc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"gnome-vlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"gvlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"kvlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"libvlc0-dev", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"mozilla-plugin-vlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"qvlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-alsa", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-esd", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-ggi", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-glide", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-gnome", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-gtk", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-alsa", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-arts", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-esd", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-ggi", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-glide", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-sdl", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-plugin-svgalib", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-qt", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"vlc-sdl", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (deb_check(release:"3.1", prefix:"wxvlc", reference:"0.8.1.svn20050314-1sarge2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-027.NASL description Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. (CVE-2007-0254) XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. (CVE-2007-0255) The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24641 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24641 title Mandrake Linux Security Advisory : xine-ui (MDKSA-2007:027) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:027. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24641); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2007-0254", "CVE-2007-0255"); script_bugtraq_id(22002); script_xref(name:"MDKSA", value:"2007:027"); script_name(english:"Mandrake Linux Security Advisory : xine-ui (MDKSA-2007:027)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. (CVE-2007-0254) XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. (CVE-2007-0255) The updated packages have been patched to correct these issues." ); script_set_attribute( attribute:"solution", value:"Update the affected xine-ui, xine-ui-aa and / or xine-ui-fb packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-ui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-ui-aa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xine-ui-fb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"xine-ui-0.99.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"xine-ui-aa-0.99.4-7.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"xine-ui-fb-0.99.4-7.1mdv2007.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_XINE-LIB-2487.NASL description This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-0017) last seen 2020-06-01 modified 2020-06-02 plugin id 27487 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27487 title openSUSE 10 Security Update : xine-lib (xine-lib-2487) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xine-lib-2487. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27487); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2007-0017"); script_name(english:"openSUSE 10 Security Update : xine-lib (xine-lib-2487)"); script_summary(english:"Check for the xine-lib-2487 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-0017)" ); script_set_attribute( attribute:"solution", value:"Update the affected xine-lib packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-lib-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-ui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xine-ui-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"xine-devel-1.1.2-40.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xine-extra-1.1.2-40.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xine-lib-1.1.2-40.1") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xine-ui-0.99.4-84.1") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"xine-lib-32bit-1.1.2-40.1") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"xine-ui-32bit-0.99.4-84.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xine"); }NASL family SuSE Local Security Checks NASL id SUSE_XINE-LIB-2505.NASL description This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-0017) last seen 2020-06-01 modified 2020-06-02 plugin id 29600 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29600 title SuSE 10 Security Update : xine (ZYPP Patch Number 2505) NASL family SuSE Local Security Checks NASL id SUSE_SA_2007_013.NASL description The remote host is missing the patch for the advisory SUSE-SA:2007:013 (xine-ui,xine-lib,xine-extra,xine-devel). This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. Since SUSE Linux version 10.1 format string bugs are not exploitable anymore. (CVE-2007-0017) last seen 2019-10-28 modified 2007-02-18 plugin id 24466 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24466 title SUSE-SA:2007:013: xine-ui,xine-lib,xine-extra,xine-devel NASL family SuSE Local Security Checks NASL id SUSE_XINE-LIB-2488.NASL description This update fixes several format string bugs that can be exploited remotely with user-assistance to execute arbitrary code. (CVE-2007-0017) last seen 2020-06-01 modified 2020-06-02 plugin id 27488 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27488 title openSUSE 10 Security Update : xine-lib (xine-lib-2488) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-154.NASL description Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. (CVE-2007-0254) XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. (CVE-2007-0255) Updated packages have been patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37370 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37370 title Mandrake Linux Security Advisory : xine-ui (MDKSA-2007:154)
Oval
| accepted | 2012-11-19T04:00:08.931-05:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:14313 | ||||||||
| status | accepted | ||||||||
| submitted | 2012-01-24T15:20:33.178-04:00 | ||||||||
| title | Multiple format string vulnerabilities in VideoLAN VLC 0.7.0 through 0.8.6 | ||||||||
| version | 6 |
Packetstorm
data source https://packetstormsecurity.com/files/download/53414/VLCMediaSlayer-ppc.pl.txt id PACKETSTORM:53414 last seen 2016-12-05 published 2007-01-04 reporter Kevin Finisterre source https://packetstormsecurity.com/files/53414/VLCMediaSlayer-ppc.pl.txt.html title VLCMediaSlayer-ppc.pl.txt data source https://packetstormsecurity.com/files/download/53413/VLCMediaSlayer-x86.pl.txt id PACKETSTORM:53413 last seen 2016-12-05 published 2007-01-04 reporter Kevin Finisterre source https://packetstormsecurity.com/files/53413/VLCMediaSlayer-x86.pl.txt.html title VLCMediaSlayer-x86.pl.txt
References
- http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html
- http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html
- http://osvdb.org/31163
- http://projects.info-pull.com/moab/MOAB-02-01-2007.html
- http://secunia.com/advisories/23592
- http://secunia.com/advisories/23829
- http://secunia.com/advisories/23910
- http://secunia.com/advisories/23971
- http://security.gentoo.org/glsa/glsa-200701-24.xml
- http://securitytracker.com/id?1017464
- http://trac.videolan.org/vlc/changeset/18481
- http://www.debian.org/security/2007/dsa-1252
- http://www.novell.com/linux/security/advisories/2007_13_xine.html
- http://www.securityfocus.com/bid/21852
- http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html
- http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch
- http://www.videolan.org/sa0701.html
- http://www.vupen.com/english/advisories/2007/0026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31226
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313