Vulnerability CVE-2010-2937: Information

Description

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2010-2937
Published: Aug. 20, 2010
Modified: Nov. 7, 2023
Error type identifier: CWE-20

References to Advisories, Solutions, and Tools

Hyperlink
Resource
42386
    http://www.videolan.org/security/sa1004.html
    • Vendor Advisory
    ADV-2010-2087
      oval:org.mitre.oval:def:14676
        http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a
          http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516

              1. Configuration 1

                cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
                cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.4.2
            Back to top