PT-2013-5987 · Videolan · Vlc Media Player

Published

2013-10-25

Updated

2017-09-19

CVE-2013-6283

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions VideoLAN VLC Media Player versions 2.0.8 and earlier

Description The issue allows remote attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code. This can be achieved by including a long string in a URL within a m3u file.

Recommendations For versions 2.0.8 and earlier, consider updating to a newer version to mitigate the risk, or as a temporary workaround, restrict the handling of long strings in URLs within m3u files to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-6283

Affected Products

Vlc Media Player

PT-2013-5987 · Videolan · Vlc Media Player

CVE-2013-6283

Weakness Enumeration

Related Identifiers

Affected Products

References · 9