ID CVE-2010-2062
Summary Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
References
Vulnerable Configurations
  • VideoLAN VLC Media Player 1.0.0
    cpe:2.3:a:videolan:vlc_media_player:1.0.0
  • VideoLAN VLC Media Player 0.9.9a
    cpe:2.3:a:videolan:vlc_media_player:0.9.9a
  • VideoLAN VLC Media Player 0.9.9
    cpe:2.3:a:videolan:vlc_media_player:0.9.9
  • VideoLAN VLC Media Player 0.9.8a
    cpe:2.3:a:videolan:vlc_media_player:0.9.8a
  • VideoLAN VLC Media Player 0.9.6
    cpe:2.3:a:videolan:vlc_media_player:0.9.6
  • VideoLAN VLC Media Player 0.9.5
    cpe:2.3:a:videolan:vlc_media_player:0.9.5
  • VideoLAN VLC Media Player 0.9.4
    cpe:2.3:a:videolan:vlc_media_player:0.9.4
  • VideoLAN VLC Media Player 0.9.3
    cpe:2.3:a:videolan:vlc_media_player:0.9.3
  • VideoLAN VLC Media Player 0.9.2
    cpe:2.3:a:videolan:vlc_media_player:0.9.2
  • VideoLAN VLC Media Player 0.9.10
    cpe:2.3:a:videolan:vlc_media_player:0.9.10
  • VideoLAN VLC Media Player 0.9.1
    cpe:2.3:a:videolan:vlc_media_player:0.9.1
  • VideoLAN VLC Media Player 0.9.0
    cpe:2.3:a:videolan:vlc_media_player:0.9.0
  • VideoLAN VLC Media Player 0.8.6i
    cpe:2.3:a:videolan:vlc_media_player:0.8.6i
  • VideoLAN VLC Media Player 0.8.6h
    cpe:2.3:a:videolan:vlc_media_player:0.8.6h
  • VideoLAN VLC Media Player 0.8.6g
    cpe:2.3:a:videolan:vlc_media_player:0.8.6g
  • VideoLAN VLC Media Player 0.8.6f
    cpe:2.3:a:videolan:vlc_media_player:0.8.6f
  • VideoLAN VLC Media Player 0.8.6e
    cpe:2.3:a:videolan:vlc_media_player:0.8.6e
  • VideoLAN VLC Media Player 0.8.6d
    cpe:2.3:a:videolan:vlc_media_player:0.8.6d
  • VideoLAN VLC Media Player 0.8.6c
    cpe:2.3:a:videolan:vlc_media_player:0.8.6c
  • VideoLAN VLC Media Player 0.8.6b
    cpe:2.3:a:videolan:vlc_media_player:0.8.6b
  • VideoLAN VLC Media Player 0.8.6a
    cpe:2.3:a:videolan:vlc_media_player:0.8.6a
  • VideoLAN VLC Media Player 0.8.6
    cpe:2.3:a:videolan:vlc_media_player:0.8.6
  • VideoLAN VLC Media Player 0.8.5
    cpe:2.3:a:videolan:vlc_media_player:0.8.5
  • VideoLAN VLC Media Player 0.8.4a
    cpe:2.3:a:videolan:vlc_media_player:0.8.4a
  • VideoLAN VLC Media Player 0.8.4
    cpe:2.3:a:videolan:vlc_media_player:0.8.4
  • VideoLAN VLC Media Player 0.8.2
    cpe:2.3:a:videolan:vlc_media_player:0.8.2
  • VideoLAN VLC Media Player 0.8.1337
    cpe:2.3:a:videolan:vlc_media_player:0.8.1337
  • VideoLAN VLC Media Player 0.8.1
    cpe:2.3:a:videolan:vlc_media_player:0.8.1
  • VideoLAN VLC Media Player 0.8.0
    cpe:2.3:a:videolan:vlc_media_player:0.8.0
  • VideoLAN VLC Media Player 0.7.2
    cpe:2.3:a:videolan:vlc_media_player:0.7.2
  • VideoLAN VLC Media Player 0.7.1
    cpe:2.3:a:videolan:vlc_media_player:0.7.1
  • VideoLAN VLC Media Player 0.7.0
    cpe:2.3:a:videolan:vlc_media_player:0.7.0
  • VideoLAN VLC Media Player 0.6.2
    cpe:2.3:a:videolan:vlc_media_player:0.6.2
  • VideoLAN VLC Media Player 0.6.1
    cpe:2.3:a:videolan:vlc_media_player:0.6.1
  • VideoLAN VLC Media Player 0.6.0
    cpe:2.3:a:videolan:vlc_media_player:0.6.0
  • VideoLAN VLC Media Player 0.5.3
    cpe:2.3:a:videolan:vlc_media_player:0.5.3
  • VideoLAN VLC Media Player 0.5.2
    cpe:2.3:a:videolan:vlc_media_player:0.5.2
  • VideoLAN VLC Media Player 0.5.1
    cpe:2.3:a:videolan:vlc_media_player:0.5.1
  • VideoLAN VLC Media Player 0.5.0
    cpe:2.3:a:videolan:vlc_media_player:0.5.0
CVSS
Base: 7.5 (as of 29-12-2014 - 15:36)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201411-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201411-01 (VLC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted media file using VLC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 78879
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78879
    title GLSA-201411-01 : VLC: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201310-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201310-13 (MPlayer: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MPlayer and the bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced below for details. Impact : A remote attacker could entice a user to open a crafted media file to execute arbitrary code or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 70648
    published 2013-10-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70648
    title GLSA-201310-13 : MPlayer: Multiple vulnerabilities
refmap via4
confirm http://git.videolan.org/?p=vlc.git;a=commit;h=dc74600c97eb834c08674676e209afa842053aca
fulldisc 20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.
misc https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
mlist [oss-security] 20100604 Re: CVE requests for mplayer/vlc and abcm2ps
Last major update 29-12-2014 - 16:03
Published 26-12-2014 - 15:59
Back to Top