The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vlc_media_player | Videolan | * | 2.0.4 (including) |
| Vlc_media_player | Videolan | 2.0.0 (including) | 2.0.0 (including) |
| Vlc_media_player | Videolan | 2.0.1 (including) | 2.0.1 (including) |
| Vlc_media_player | Videolan | 2.0.2 (including) | 2.0.2 (including) |
| Vlc_media_player | Videolan | 2.0.3 (including) | 2.0.3 (including) |
| Vlc | Ubuntu | devel | * |
| Vlc | Ubuntu | hardy | * |
| Vlc | Ubuntu | lucid | * |
| Vlc | Ubuntu | oneiric | * |
| Vlc | Ubuntu | precise | * |
| Vlc | Ubuntu | quantal | * |
| Vlc | Ubuntu | raring | * |
| Vlc | Ubuntu | saucy | * |
| Vlc | Ubuntu | trusty | * |
| Vlc | Ubuntu | trusty/esm | * |
| Vlc | Ubuntu | utopic | * |