VLC Media Player < 0.8.6i WAV File Handling Remote Integer Overflow (deprecated)

medium Nessus Network Monitor Plugin ID 4569

Synopsis

The remote Windows host contains an application that is affected by an integer overflow vulnerability.

Description

The installed version of VLC Media Player is affected by an integer overflow vulnerability. By tricking a user into opening a malicious .WAV file, it may be possible to cause a denial of service condition or execute arbitrary code within the context of the affected application.

Solution

Upgrade to version 0.8.6i or higher.

See Also

http://www.securityfocus.com/archive/1/493849

http://wiki.videolan.org/Changelog/0.8.6i

http://www.securityfocus.com/archive/1/[email protected]

Plugin Details

Severity: Medium

ID: 4569

Family: Web Clients

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 33485

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2430

BID: 30058