CVE-2009-1045

Published: Mar 23, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

Affected (1)

Products: Videolan: Vlc Media Player

Videolan

1 product

Vlc Media Player

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolan Vlc Media Player	Version 0.9.8a

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://bugs.gentoo.org/show_bug.cgi?id=262708

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/03/17/4

Source: cve@mitre.org

http://www.securityfocus.com/bid/34126

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/49249

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357

Source: cve@mitre.org

https://www.exploit-db.com/exploits/8213

Source: cve@mitre.org

http://bugs.gentoo.org/show_bug.cgi?id=262708