Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VLC Media Player畸形"udp://"URI格式串处理漏洞
Vulnerability Description
VideoLAN VLC media player是法国VideoLAN组织开发的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV, MP3等)等。 VLC Media Player在处理畸形的URI串时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。VLC Media Player在处理"udp://"开头的URI串时存在格式串处理漏洞,远程攻击者可能利用此漏洞通过诱使用户访问恶意网页或打开恶意M3U文件控制用户机器。
CVSS Information
N/A
Vulnerability Type
N/A