ID CVE-2012-0023
Summary Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
References
Vulnerable Configurations
  • cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:videolan:vlc_media_player:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:videolan:vlc_media_player:1.1.12:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-11-2017 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-12-10T04:00:20.604-05:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment VLC media player is installed
oval oval:org.mitre.oval:def:11821
description Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
family windows
id oval:org.mitre.oval:def:15893
status accepted
submitted 2012-10-31T13:22:27.825-04:00
title Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12
version 5
refmap via4
bid 51231
confirm
mlist
  • [oss-security] 20121029 VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)
  • [oss-security] 20121030 RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)
osvdb 77975
sectrack 1026449
secunia 47325
xf vlcmediaplayer-getchunkheader-code-exec(71916)
Last major update 30-11-2017 - 02:29
Published 30-10-2012 - 19:55
Last modified 30-11-2017 - 02:29
Back to Top