CVE-2010-2062

EPSS 3.0%

vlc - arbitrary code execution

發布日:2014/12/26修改日:2026/4/28

也稱為:DEBIAN-CVE-2010-2062

描述

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.

受影響套件(4)

Debian/mplayerfrom 0, < 2:1.0~rc3+svn20100502-3
Debian/mplayerfrom 0, < 1.0~rc2-17+lenny3.2
Debian/vlcfrom 0, < 1.0.1-1
Debian/vlcfrom 0, < 0.8.6.h-4+lenny2.3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2062