CVE-2007-0017

Published: Jan 3, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

Affected (10)

Products: Videolan: Vlc Media Player

1 product

Vlc Media Player

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Version 0.7.0
Videolan Vlc Media Player	Version 0.7.1
Videolan Vlc Media Player	Version 0.7.2
Videolan Vlc Media Player	Version 0.8.0
Videolan Vlc Media Player	Version 0.8.1
Videolan Vlc Media Player	Version 0.8.2
Videolan Vlc Media Player	Version 0.8.4
Videolan Vlc Media Player	Version 0.8.4a
Videolan Vlc Media Player	Version 0.8.5
Videolan Vlc Media Player	Version 0.8.6

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (40)

http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html

Source: cve@mitre.org

http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html

Source: cve@mitre.org

http://osvdb.org/31163

Source: cve@mitre.org

http://projects.info-pull.com/moab/MOAB-02-01-2007.html

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/23592

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23829

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23910

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23971

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200701-24.xml

Source: cve@mitre.org

http://securitytracker.com/id?1017464

Source: cve@mitre.org

http://trac.videolan.org/vlc/changeset/18481

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1252

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_13_xine.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/21852

Source: cve@mitre.org

http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html

Source: cve@mitre.org

http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch

Source: cve@mitre.org

Patch

http://www.videolan.org/sa0701.html

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/0026

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31226

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313

Source: cve@mitre.org

http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/31163

Source: af854a3a-2127-422b-91ae-364da2661108

http://projects.info-pull.com/moab/MOAB-02-01-2007.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://secunia.com/advisories/23592

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/23829

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/23910

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/23971

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200701-24.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017464

Source: af854a3a-2127-422b-91ae-364da2661108

http://trac.videolan.org/vlc/changeset/18481

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1252

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2007_13_xine.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21852

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.videolan.org/sa0701.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2007/0026

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31226

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.