Detections
Analytics
Debian DSA-1332-1 : vlc - several vulnerabilities
high Nessus Plugin ID 25695
Synopsis
The remote Debian host is missing a security-related update.Description
Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2007-3316 David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code.
- CVE-2007-3467 David Thiel discovered an integer overflow in the WAV processing code.
This update also fixes several crashes, which can be triggered through malformed media files.
Solution
Upgrade the vlc packages.For the oldstable distribution (sarge) these problems have been fixed in version 0.8.1.svn20050314-1sarge3. Packages for the powerpc architecture are not yet available. They will be provided later.
For the stable distribution (etch) these problems have been fixed in version 0.8.6-svn20061012.debian-5etch1.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429726
https://security-tracker.debian.org/tracker/CVE-2007-3316
Plugin Details
Severity: High
ID: 25695
File Name: debian_DSA-1332.nasl
Version: 1.20
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 7/11/2007
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:vlc, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/9/2007
Exploitable With
Core Impact
Reference Information
CVE: CVE-2007-3316, CVE-2007-3467, CVE-2007-3468
DSA: 1332