CVE-2007-6683
vlc - multiple vulnerabilities
EPSS 0.90%
Description
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
How to fix CVE-2007-6683
To remediate CVE-2007-6683, upgrade the affected package to one of the fixed versions listed below.
- Debian/vlc—upgrade to 0.8.6.c-4.1 or later
- Debian/vlc—upgrade to 0.8.6.c-6+lenny5 or later
Is CVE-2007-6683 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8.6.c-4.1
- from 0, < 0.8.6.c-6+lenny5