Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 10/07/2013 Updated: 17/05/2024

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow

Vulnerable Product	Search on Vulmon	Subscribe to Product
videolan vlc media player 2.0.7

CWE-119 http://seclists.org/fulldisclosure/2013/Jul/71 http://secunia.com/blog/372/http://www.securityfocus.com/bid/61032 http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia http://seclists.org/fulldisclosure/2013/Jul/77 http://seclists.org/fulldisclosure/2013/Jul/79 http://secunia.com/advisories/52956 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-3245

Vulnerability Summary

References

Vulmon Search

About

Products

Connect