PT-2007-7480 · VideoLAN · VLC Media Player
Published: 1970-01-01 · Updated: 2018-10-16 · CVE-2007-3316
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VLC Media Player versions prior to 0.8.6c
Description
Multiple format string vulnerabilities exist in plugins in VideoLAN VLC Media Player. Remote attackers can exploit them to cause a denial of service (crash) or execute arbitrary code via format string specifiers in various file types or network packets, including (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. Successful exploitation can violate the confidentiality, integrity, and availability of protected information, and the vulnerabilities can be exploited remotely.
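The bug class described above, as an added example that is not VLC's code: untrusted metadata (such as a title tag from an Ogg file, a CDDB entry, or a SAP packet) must only ever be an argument to a constant format string. The function names, the `title=` prefix, and the sample tags are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip the pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened call shape: the tag is only an argument to a constant format,
 * so any directives inside it are copied verbatim, never interpreted.
 * Vulnerable shape, shown for contrast only: snprintf(out, outlen, tag); */
static int format_tag_safe(char *out, size_t outlen, const char *tag)
{
    return snprintf(out, outlen, "title=%s", tag);
}

int main(void)
{
    /* Constructed sample metadata values, not taken from any real file. */
    const char *tags[] = { "Live at the Forum", "100%% live", "%x%x%n" };
    char line[128];

    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++) {
        format_tag_safe(line, sizeof line, tags[i]);
        printf("%-24s directives=%d\n", line, count_format_directives(tags[i]));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls where a non-literal string is passed as the format argument.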
Recommendations
For versions prior to 0.8.6c, update to version 0.8.6c or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable plugins or disabling them until the update is applied. Until then, avoid using the vulnerable plugins to handle Ogg/Vorbis or Ogg/Theora files, CDDA, or SAP packets.
Affected Products
VLC Media Player