VLC Media Player < 0.8.6h Multiple Vulnerabilities (deprecated)

High Nessus Network Monitor Plugin ID 4562

Synopsis

The remote Windows host contains a media player that is affected by several vulnerabilities.

Description

The version of VLC Media Player installed on the remote host reportedly includes versions of GnuTLS, libgcrypt and libxml2 that are affected by various denial of service and buffer overflow vulnerabilities.

Solution

Upgrade to version 0.8.6h or higher.

See Also

http://www.videolan.org/developers/vlc/NEWS

Plugin Details

Severity: High

ID: 4562

File Name: 4562.prm

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 1735, 8314

Nessus ID: 33278

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-1948, CVE-2008-1949, CVE-2008-1950, CVE-2007-6284

BID: 27248, 29292

OSVDB: 40194, 45382, 45383, 45384