PT-2010-1154 · Videolan+1 · Vlc Media Player+1
Published: 2010-06-29 · Updated: 2024-06-15 · CVE-2010-2937
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
VLC media player versions 0.9.0 through 1.1.2
Description
The issue is related to the improper processing of ID3v2 tags by the ReadMetaFromId3v2 function in the TagLib plugin. This can be exploited by remote attackers to cause a denial of service, resulting in an application crash, via a crafted media file. The vulnerability exists due to insufficient input validation.
Recommendations
For versions 0.9.0 through 1.1.2, consider disabling the ReadMetaFromId3v2 function in the TagLib plugin as a temporary workaround to minimize the risk of exploitation. Restrict the opening of media files that may be crafted, such as files from untrusted sources, to prevent potential crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Taglib
Vlc Media Player