Vulnerabilities > CVE-2012-5855 - Numeric Errors vulnerability in Videolan VLC Media Player
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201411-01.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201411-01 (VLC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file using VLC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 78879 |
published | 2014-11-06 |
reporter | This script is Copyright (C) 2014-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/78879 |
title | GLSA-201411-01 : VLC: Multiple vulnerabilities |
code |
|
Oval
accepted | 2013-08-26T04:00:11.823-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
definition_extensions |
| ||||
description | The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction. | ||||
family | windows | ||||
id | oval:org.mitre.oval:def:16781 | ||||
status | accepted | ||||
submitted | 2013-07-12T12:09:03.685-04:00 | ||||
title | The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC | ||||
version | 5 |