Launchpad CVE tracker

CVE 2007-3316

Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.

Related bugs and status

CVE-2007-3316 (Candidate) is related to these bugs:

Bug #121511: [VLC] Format string injection in Vorbis, Theora, SAP and CDDA plugins

Summary				In	Importance	Status
	121511	[VLC] Format string injection in Vorbis, Theora, SAP and CDDA plugins		vlc (Ubuntu)	Medium	Fix Released

Bug #122207: vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors

		In	Importance	Status
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	vlc (Ubuntu)	High	Fix Released
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	vlc (Ubuntu Dapper)	High	Invalid
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	vlc (Ubuntu Edgy)	High	Won't Fix
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	vlc (Ubuntu Feisty)	High	Won't Fix
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	vlc (Ubuntu Gutsy)	High	Fix Released
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	VLC media player	Undecided	Fix Released
122207	vlc before 0.8.6c allows arbitrary code execution via a multitude of vectors	vlc (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-3316

References