Intrusion PreventionVideoLAN.VLC.Subtitle.Buffer.Overflow
Description
This indicates an attempt to exploit one of multiple buffer-overflow vulnerabilities in VLC Media Player.
There are two vulnerabilities in VLC Media Player.
The first is caused by a buffer-overflow that occurs when handling subtitles.
The second is caused by a format string error in the tiny web interface. Either vulnerability can be exploited by attackers to crash the application or execute arbitrary code.
Affected Products
VLC version 0.8.6d 0.8.6b
Other versions may also be affected.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Fixes have been committed to the subversion repository of VLC, but currently we are not aware of a vendor supplied patch for this issue.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-01 | 25.612 | Name:VideoLan. VLC. Subtitle. Buffer. Overflow:VideoLAN. VLC. Subtitle. Buffer. Overflow |
| ID | 15241 |
| Created | Jan 02, 2008 |
| Updated | Jul 31, 2023 |
| Risk |
|
| CVE ID | CVE-2007-6681 CVE-2007-6682 |
| Exploit Prediction Score | 72.17% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |