Buffer overflow in Videolan Vlc_media_player

CVE-2013-1868

Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.

Vulnerability class: Buffer Overflow

EPSS: 0.507 (97.9th percentile) — read the EPSS interpretation.

Affected products

Videolan Vlc_media_player — versions 2.0.0, 2.0.1, 2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

59793 (x_refsource_SECUNIA, third-party-advisory)
[oss-security] 20130319 Re: CVE Request: VLC Buffer overflows (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
57079 (vdb-entry, x_refsource_BID)
oval:org.mitre.oval:def:17226 (x_refsource_OVAL, signature, vdb-entry)