VLC Media Player < 0.8.6i WAV File Handling Remote Integer Overflow (deprecated)

Medium Nessus Network Monitor Plugin ID 4569

Synopsis

The remote Windows host contains an application that is affected by an integer overflow vulnerability.

Description

The installed version of VLC Media Player is affected by an integer overflow vulnerability. By tricking a user into opening a malicious .WAV file, it may be possible to cause a denial of service condition or execute arbitrary code within the context of the affected application.

Solution

Upgrade to version 0.8.6i or higher.

See Also

http://www.securityfocus.com/archive/1/493849

http://wiki.videolan.org/Changelog/0.8.6i

http://www.securityfocus.com/archive/1/[email protected]

Plugin Details

Severity: Medium

ID: 4569

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 33485

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2430

BID: 30058