Vulnerabilities > CVE-2007-3316 - Format String vulnerability in VLC Media Player 0.8.6A/0.8.6B
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1332.NASL description Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3316 David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code. - CVE-2007-3467 David Thiel discovered an integer overflow in the WAV processing code. This update also fixes several crashes, which can be triggered through malformed media files. last seen 2020-06-01 modified 2020-06-02 plugin id 25695 published 2007-07-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25695 title Debian DSA-1332-1 : vlc - several vulnerabilities code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1332. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Registration phase: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script exits before any
# host data is read.
if (description)
{
  script_id(25695);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  # Three CVE ids are registered here, while the description text below
  # names only CVE-2007-3316 and CVE-2007-3467.
  script_cve_id("CVE-2007-3316", "CVE-2007-3467", "CVE-2007-3468");
  script_xref(name:"DSA", value:"1332");

  script_name(english:"Debian DSA-1332-1 : vlc - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. 
The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3316 David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code. - CVE-2007-3467 David Thiel discovered an integer overflow in the WAV processing code. This update also fixes several crashes, which can be triggered through malformed media files."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429726"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-3316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-3467"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2007/dsa-1332"
  );
  # The solution text states that fixed sarge packages for powerpc were not
  # yet available when the advisory was written.
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the vlc packages. For the oldstable distribution (sarge) these problems have been fixed in version 0.8.1.svn20050314-1sarge3. Packages for the powerpc architecture are not yet available. They will be provided later. For the stable distribution (etch) these problems have been fixed in version 0.8.6-svn20061012.debian-5etch1."
  );

  # CVSS v2 base vector plus the exploit-availability attributes recorded
  # for this finding.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  # plugin_type "local": the verdict comes from the host's package list,
  # not from sending anything to a VLC instance.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vlc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks must be enabled, the host must be identified
# as Debian, and a dpkg listing must have been collected into the KB.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Fixed versions per release, taken from the advisory text above.
sarge_fixed = "0.8.1.svn20050314-1sarge3";
etch_fixed = "0.8.6-svn20061012.debian-5etch1";

# Binary packages checked for Debian 3.1 (sarge), in the original order.
sarge_packages = make_list(
  "gnome-vlc", "gvlc", "kvlc", "libvlc0-dev", "mozilla-plugin-vlc", "qvlc",
  "vlc", "vlc-alsa", "vlc-esd", "vlc-ggi", "vlc-glide", "vlc-gnome",
  "vlc-gtk", "vlc-plugin-alsa", "vlc-plugin-arts", "vlc-plugin-esd",
  "vlc-plugin-ggi", "vlc-plugin-glide", "vlc-plugin-sdl",
  "vlc-plugin-svgalib", "vlc-qt", "vlc-sdl", "wxvlc"
);

# Binary packages checked for Debian 4.0 (etch), in the original order.
etch_packages = make_list(
  "libvlc0", "libvlc0-dev", "mozilla-plugin-vlc", "vlc", "vlc-nox",
  "vlc-plugin-alsa", "vlc-plugin-arts", "vlc-plugin-esd", "vlc-plugin-ggi",
  "vlc-plugin-glide", "vlc-plugin-sdl", "vlc-plugin-svgalib", "wxvlc"
);

# Every package is checked (no early exit) and each truthy deb_check()
# result bumps the counter.
# NOTE(review): deb_check() comes from debian_package.inc; presumably it
# returns true when the installed version is older than `reference` and
# queues a line for deb_report_get() - confirm against the include.
flag = 0;

foreach pkg (sarge_packages)
{
  if (deb_check(release:"3.1", prefix:pkg, reference:sarge_fixed)) flag++;
}

foreach pkg (etch_packages)
{
  if (deb_check(release:"4.0", prefix:pkg, reference:etch_fixed)) flag++;
}

if (flag)
{
  # Report on port 0; the package detail from deb_report_get() is attached
  # only when report verbosity is above zero.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, "affected");
}
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_7128FB45263311DC94DA0016179B2DD5.NASL description isecpartners reports : VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized variable, and one integer overflow in sampling frequency calculations. last seen 2020-06-01 modified 2020-06-02 plugin id 25634 published 2007-07-01 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25634 title FreeBSD : vlc -- format string vulnerability and integer overflow (7128fb45-2633-11dc-94da-0016179b2dd5)
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200707-12.NASL description The remote host is affected by the vulnerability described in GLSA-200707-12 (VLC media player: Format string vulnerabilities) David Thiel from iSEC Partners Inc. discovered format string errors in various plugins when parsing data. The affected plugins include Vorbis, Theora, CDDA and SAP. Impact : A remote attacker could entice a user to open a specially crafted media file, possibly resulting in the execution of arbitrary code with the privileges of the user running VLC media player. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25808 published 2007-07-30 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25808 title GLSA-200707-12 : VLC media player: Format string vulnerabilities
Oval
accepted | 2012-11-19T04:00:14.513-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. |
family | windows |
id | oval:org.mitre.oval:def:14600 |
status | accepted |
submitted | 2012-01-24T15:20:33.178-04:00 |
title | Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c |
version | 7 |
References
- http://osvdb.org/37379
- http://osvdb.org/37380
- http://osvdb.org/37381
- http://osvdb.org/37382
- http://secunia.com/advisories/25753
- http://secunia.com/advisories/25980
- http://secunia.com/advisories/26269
- http://security.gentoo.org/glsa/glsa-200707-12.xml
- http://www.debian.org/security/2007/dsa-1332
- http://www.isecpartners.com/advisories/2007-001-vlc.txt
- http://www.kb.cert.org/vuls/id/200928
- http://www.securityfocus.com/archive/1/471933/100/0/threaded
- http://www.securityfocus.com/bid/24555
- http://www.videolan.org/sa0702.html
- http://www.vupen.com/english/advisories/2007/2262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600