Launchpad.net

CVE 2007-6683

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

Related bugs and status

CVE-2007-6683 (Candidate) is related to these bugs:

Bug #214977: [vlc] [DSA-1543-1] several vulnerabilities

Summary				In	Importance	Status
	214977	[vlc] [DSA-1543-1] several vulnerabilities		vlc (Ubuntu)	Undecided	New

Bug #238873: vlc in Hardy needs a security update

		In	Importance	Status
238873	vlc in Hardy needs a security update	vlc (Ubuntu)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Dapper)	Undecided	Invalid
238873	vlc in Hardy needs a security update	vlc (Ubuntu Feisty)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Intrepid)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [vlc-devel] 20071226 R...
CONFIRM: https://trac.videolan....
CONFIRM: https://trac.videolan....
GENTOO: GLSA-200803-13
SECUNIA: 29284
DEBIAN: DSA-1543
SECUNIA: 29766
BID: 28712
OSVDB: 42205
OSVDB: 42206
OVAL: oval:org.mitre.oval:de...