The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vlc_media_player | Videolan | * | 2.0.4 (including) |
| Vlc_media_player | Videolan | 2.0.0 (including) | 2.0.0 (including) |
| Vlc_media_player | Videolan | 2.0.1 (including) | 2.0.1 (including) |
| Vlc_media_player | Videolan | 2.0.2 (including) | 2.0.2 (including) |
| Vlc_media_player | Videolan | 2.0.3 (including) | 2.0.3 (including) |
| Vlc | Ubuntu | devel | * |
| Vlc | Ubuntu | hardy | * |
| Vlc | Ubuntu | lucid | * |
| Vlc | Ubuntu | oneiric | * |
| Vlc | Ubuntu | precise | * |
| Vlc | Ubuntu | quantal | * |
| Vlc | Ubuntu | raring | * |
| Vlc | Ubuntu | saucy | * |
| Vlc | Ubuntu | trusty | * |
| Vlc | Ubuntu | trusty/esm | * |
| Vlc | Ubuntu | utopic | * |
References
- http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2
- http://www.securityfocus.com/archive/1/524626
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781
- http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2
- http://www.securityfocus.com/archive/1/524626
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781