CVE-2007-0017

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

Published: Jan 3, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0017
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
videolan / vlc_media_player	0.7.2	0.7.2.x
videolan / vlc_media_player	0.8.4a	0.8.4a.x
videolan / vlc_media_player	0.8.0	0.8.0.x
videolan / vlc_media_player	0.8.5	0.8.5.x
videolan / vlc_media_player	0.8.4	0.8.4.x
videolan / vlc_media_player	0.8.6	0.8.6.x
videolan / vlc_media_player	0.7.0	0.7.0.x
videolan / vlc_media_player	0.8.1	0.8.1.x
videolan / vlc_media_player	0.7.1	0.7.1.x
videolan / vlc_media_player	0.8.2	0.8.2.x

Vulnerability Database

289,697

CVE-2007-0017