CVE-2013-1868

2013-07-1019:55:04

CWE-119

redhat

web.nvd.nist.gov

cve

buffer overflow

videolan

vlc media player

denial of service

arbitrary code

vulnerability

nvd

security

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.232

Percentile

96.6%

JSON

Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.

Affected configurations

Nvd

Node

videolanvlc_media_playerRange≤2.0.4

videolanvlc_media_playerMatch2.0.0

videolanvlc_media_playerMatch2.0.1

videolanvlc_media_playerMatch2.0.2

videolanvlc_media_playerMatch2.0.3

VendorProductVersionCPE
videolanvlc_media_player*cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
videolanvlc_media_player2.0.0cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*
videolanvlc_media_player2.0.1cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*
videolanvlc_media_player2.0.2cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*
videolanvlc_media_player2.0.3cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
videolan	vlc_media_player	*	cpe:2.3:a:videolan:vlc_media_player::::::::
videolan	vlc_media_player	2.0.0	cpe:2.3:a:videolan:vlc_media_player:2.0.0:::::::*
videolan	vlc_media_player	2.0.1	cpe:2.3:a:videolan:vlc_media_player:2.0.1:::::::*
videolan	vlc_media_player	2.0.2	cpe:2.3:a:videolan:vlc_media_player:2.0.2:::::::*
videolan	vlc_media_player	2.0.3	cpe:2.3:a:videolan:vlc_media_player:2.0.3:::::::*