The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vlc_media_player | Videolan | * | 2.0.4 (including) |
Vlc_media_player | Videolan | 2.0.0 (including) | 2.0.0 (including) |
Vlc_media_player | Videolan | 2.0.1 (including) | 2.0.1 (including) |
Vlc_media_player | Videolan | 2.0.2 (including) | 2.0.2 (including) |
Vlc_media_player | Videolan | 2.0.3 (including) | 2.0.3 (including) |