Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://– URI in an M3U file.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vlc_media_player | Videolan | 0.7.0 (including) | 0.7.0 (including) |
| Vlc_media_player | Videolan | 0.7.1 (including) | 0.7.1 (including) |
| Vlc_media_player | Videolan | 0.7.2 (including) | 0.7.2 (including) |
| Vlc_media_player | Videolan | 0.8.0 (including) | 0.8.0 (including) |
| Vlc_media_player | Videolan | 0.8.1 (including) | 0.8.1 (including) |
| Vlc_media_player | Videolan | 0.8.2 (including) | 0.8.2 (including) |
| Vlc_media_player | Videolan | 0.8.4 (including) | 0.8.4 (including) |
| Vlc_media_player | Videolan | 0.8.4a (including) | 0.8.4a (including) |
| Vlc_media_player | Videolan | 0.8.5 (including) | 0.8.5 (including) |
| Vlc_media_player | Videolan | 0.8.6 (including) | 0.8.6 (including) |
| Vlc | Ubuntu | dapper | * |
| Vlc | Ubuntu | devel | * |
| Vlc | Ubuntu | edgy | * |
| Vlc | Ubuntu | feisty | * |