How to Buy
This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200803-13
(VLC: Multiple vulnerabilities)
Multiple vulnerabilities were found in VLC:
and Luigi Auriemma reported that VLC contains boundary errors when
handling subtitles in the ParseMicroDvd(), ParseSSA(), and
ParseVplayer() functions in the modules/demux/subtitle.c file, allowing
for a stack-based buffer overflow (CVE-2007-6681).
interface listening on port 8080/tcp contains a format string error in
the httpd_FileCallBack() function in the network/httpd.c file
The browser plugin possibly contains an
argument injection vulnerability (CVE-2007-6683).
module triggers a NULL pointer dereference when processing a request
without a 'Transport' parameter (CVE-2007-6684).
Auriemma and Remi Denis-Courmont found a boundary error in the
modules/access/rtsp/real_sdpplin.c file when processing SDP data for
RTSP sessions (CVE-2008-0295) and a vulnerability in the
libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
heap-based buffer overflow.
Felipe Manzano and Anibal Sacco
(Core Security Technologies) discovered an arbitrary memory overwrite
vulnerability in VLC's MPEG-4 file format parser (CVE-2008-0984).
A remote attacker could send a long subtitle in a file that a user is
enticed to open, a specially crafted MP4 input file, long SDP data, or
a specially crafted HTTP request with a 'Connection' header value
containing format specifiers, possibly resulting in the remote
execution of arbitrary code. Also, a Denial of Service could be caused
and arbitrary files could be overwritten via the 'demuxdump-file'
option in a filename in a playlist or via an EXTVLCOPT statement in an
There is no known workaround at this time.
See also :
All VLC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/vlc-0.8.6e'
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 31439 (gentoo_GLSA-200803-13.nasl)
CVE ID: CVE-2007-6681CVE-2007-6682CVE-2007-6683CVE-2007-6684CVE-2008-0295CVE-2008-0296CVE-2008-0984
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.