Vulnerabilities > CVE-2007-3467 - Denial-Of-Service vulnerability in VLC media player

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
videolan
nessus

Summary

Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.

Vulnerable Configurations

Part Description Count
Application
Videolan
57

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1332.NASL
    description: Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3316 David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code. - CVE-2007-3467 David Thiel discovered an integer overflow in the WAV processing code. This update also fixes several crashes, which can be triggered through malformed media files.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25695
    published: 2007-07-11
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25695
    title: Debian DSA-1332-1 : vlc - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1332. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration: when the engine sets `description`, the script only
    # declares its identifiers, advisory text, references and requirements, then
    # exits without running any of the package checks further down.
    if (description)
    {
      script_id(25695);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      # NOTE(review): CVE-2007-3468 is listed here, but the description text below
      # only names CVE-2007-3316 and CVE-2007-3467.
      script_cve_id("CVE-2007-3316", "CVE-2007-3467", "CVE-2007-3468");
      script_xref(name:"DSA", value:"1332");
    
      script_name(english:"Debian DSA-1332-1 : vlc - several vulnerabilities");
      # The finding is derived from dpkg output, i.e. from installed package
      # versions, not from probing VLC itself.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several remote vulnerabilities have been discovered in the VideoLan
    multimedia player and streamer, which may lead to the execution of
    arbitrary code. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2007-3316
        David Thiel discovered that several format string
        vulnerabilities may lead to the execution of arbitrary
        code.
    
      - CVE-2007-3467
        David Thiel discovered an integer overflow in the WAV
        processing code.
    
    This update also fixes several crashes, which can be triggered through
    malformed media files."
      );
      # Reference links: the Debian bug report, the per-CVE tracker pages and the
      # DSA itself.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3467"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1332"
      );
      # The fixed versions named in this text are the same strings the package
      # checks later in the script compare against.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the vlc packages.
    
    For the oldstable distribution (sarge) these problems have been fixed
    in version 0.8.1.svn20050314-1sarge3. Packages for the powerpc
    architecture are not yet available. They will be provided later.
    
    For the stable distribution (etch) these problems have been fixed in
    version 0.8.6-svn20061012.debian-5etch1."
      );
      # NOTE(review): one base vector is set for the whole advisory. C:C/I:C/A:C
      # matches the code-execution impact the description attributes to the format
      # string issues; an availability-only issue covered by the same plugin would
      # score lower on its own, so do not read this vector as a per-CVE severity.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # These attributes record that exploit code is reported as available, which
      # is a useful input when prioritising the patch.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      # "local" plugin type: the result comes from data collected on the host (see
      # the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:vlc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # The same three KB keys are read again by the checks after this block.
      # Presumably they are populated by ssh_get_info.nasl during a credentialed
      # scan, so an unauthenticated scan would not produce this finding - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Registration only: stop here.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: each KB entry must be present before package versions are
    # compared; a missing one is reported through audit() with its own reason
    # code instead of silently producing "not affected".

    # Local (host-based) checks must be enabled for this scan.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The target must have been identified as a Debian release.
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }

    # The installed-package listing (dpkg -l output) must have been collected.
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    
    # Count the vlc-related packages for which deb_check() reports a finding.
    # Each package is checked against the fixed version published for its Debian
    # release; presumably deb_check() is true when the installed version is older
    # than `reference` - confirm in debian_package.inc.
    # Caveat for triage: this is a version comparison only. It does not show that
    # the vulnerable code path is reachable on the host.
    flag = 0;

    # Debian 3.1 (sarge). The advisory text notes that powerpc packages were not
    # yet available for this release.
    sarge_fixed = "0.8.1.svn20050314-1sarge3";
    sarge_packages = make_list(
      "gnome-vlc",
      "gvlc",
      "kvlc",
      "libvlc0-dev",
      "mozilla-plugin-vlc",
      "qvlc",
      "vlc",
      "vlc-alsa",
      "vlc-esd",
      "vlc-ggi",
      "vlc-glide",
      "vlc-gnome",
      "vlc-gtk",
      "vlc-plugin-alsa",
      "vlc-plugin-arts",
      "vlc-plugin-esd",
      "vlc-plugin-ggi",
      "vlc-plugin-glide",
      "vlc-plugin-sdl",
      "vlc-plugin-svgalib",
      "vlc-qt",
      "vlc-sdl",
      "wxvlc"
    );
    foreach pkg_name (sarge_packages)
    {
      if (deb_check(release:"3.1", prefix:pkg_name, reference:sarge_fixed))
        flag++;
    }

    # Debian 4.0 (etch).
    etch_fixed = "0.8.6-svn20061012.debian-5etch1";
    etch_packages = make_list(
      "libvlc0",
      "libvlc0-dev",
      "mozilla-plugin-vlc",
      "vlc",
      "vlc-nox",
      "vlc-plugin-alsa",
      "vlc-plugin-arts",
      "vlc-plugin-esd",
      "vlc-plugin-ggi",
      "vlc-plugin-glide",
      "vlc-plugin-sdl",
      "vlc-plugin-svgalib",
      "wxvlc"
    );
    foreach pkg_name (etch_packages)
    {
      if (deb_check(release:"4.0", prefix:pkg_name, reference:etch_fixed))
        flag++;
    }
    
    # Outcome: with no flagged package the host is audited as not affected;
    # otherwise a finding is raised on port 0, with the collected package report
    # attached when report verbosity is above zero.
    if (!flag)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      if (report_verbosity > 0)
        security_hole(port:0, extra:deb_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_7128FB45263311DC94DA0016179B2DD5.NASL
    description: isecpartners reports : VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized variable, and one integer overflow in sampling frequency calculations.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25634
    published: 2007-07-01
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25634
    title: FreeBSD : vlc -- format string vulnerability and integer overflow (7128fb45-2633-11dc-94da-0016179b2dd5)

Oval

accepted: 2012-11-19T04:00:23.273-05:00
class: vulnerability
contributors:
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Shane Shaffer
    organization: G2, Inc.
definition_extensions:
comment: VLC media player is installed
oval: oval:org.mitre.oval:def:11821
description: Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
family: windows
id: oval:org.mitre.oval:def:14863
status: accepted
submitted: 2012-01-24T15:20:33.178-04:00
title: Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c
version: 6