CVE-2012-5855

Name of the Vulnerable Software and Affected Versions VLC media player versions 2.0.4 and earlier

Description The issue might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. It is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

Recommendations For versions 2.0.4 and earlier, consider avoiding the use of the SHAddToRecentDocs function until a patch is available. As a temporary workaround, restrict the addition of files to VLC to minimize the risk of exploitation.