CVE-2013-1954

Published: 10/07/2013 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.

Vulnerable Product

videolan vlc media player

videolan vlc media player 2.0.2

videolan vlc media player 2.0.1

videolan vlc media player 2.0.0

videolan vlc media player 2.0.3

videolan vlc media player 2.0.4

Vendor Advisories

Debian Bug report logs - #705136 vlc: CVE-2013-1954: Buffer Overflow in ASF Demuxer. Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for vlc is src:vlc. Reported by: Lars Cebulla <larscebu@gmail.com>. Date: Wed, 10 Apr 2013 14:21:02 UT ...

Multiple buffer overflows have been found in the VideoLAN media player. Processing malformed subtitles or movie files could lead to denial of service and potentially the execution of arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 2.0.3-5+deb7u1. For the testing distribution (jessie), these problems h ...