CVE-2007-6681 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Videolan	Vlc

Configuration 1 [-]

cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/vlcboffs-adv.txt
http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html
http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html
http://osvdb.org/42207
http://secunia.com/advisories/28233
http://secunia.com/advisories/29284
http://secunia.com/advisories/29766
http://secunia.com/advisories/29800
http://security.gentoo.org/glsa/glsa-200804-25.xml
http://securityreason.com/securityalert/3550
http://wiki.videolan.org/Changelog/0.8.6f
http://www.debian.org/security/2008/dsa-1543
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
http://www.securityfocus.com/archive/1/485488/30/0/threaded
http://www.securityfocus.com/bid/27015
http://www.videolan.org/security/sa0801.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334
https://www.exploit-db.com/exploits/5667

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-17T00:00:00

Updated: 2024-08-07T16:18:20.564Z

Reserved: 2008-01-16T00:00:00

Link: CVE-2007-6681

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-01-17T01:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6681

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29284", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29284"}, {"name": "DSA-1543", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1543"}, {"name": "3550", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3550"}, {"name": "5667", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5667"}, {"name": "oval:org.mitre.oval:def:14334", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.videolan.org/security/sa0801.php"}, {"name": "28233", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28233"}, {"name": "GLSA-200804-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"}, {"name": "27015", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27015"}, {"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.videolan.org/Changelog/0.8.6f"}, {"name": "29800", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29800"}, {"name": "[vlc-devel] 20070626 subtitle processing overflows", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"}, {"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"}, {"name": "29766", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29766"}, {"name": "42207", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42207"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"}, {"name": "GLSA-200803-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6681", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284"}, {"name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543"}, {"name": "3550", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3550"}, {"name": "5667", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5667"}, {"name": "oval:org.mitre.oval:def:14334", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"}, {"name": "http://www.videolan.org/security/sa0801.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0801.php"}, {"name": "28233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28233"}, {"name": "GLSA-200804-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"}, {"name": "27015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27015"}, {"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"}, {"name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f"}, {"name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800"}, {"name": "[vlc-devel] 20070626 subtitle processing overflows", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"}, {"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"}, {"name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766"}, {"name": "42207", "refsource": "OSVDB", "url": "http://osvdb.org/42207"}, {"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"}, {"name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.564Z"}, "title": "CVE Program Container", "references": [{"name": "29284", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29284"}, {"name": "DSA-1543", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1543"}, {"name": "3550", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3550"}, {"name": "5667", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5667"}, {"name": "oval:org.mitre.oval:def:14334", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.videolan.org/security/sa0801.php"}, {"name": "28233", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28233"}, {"name": "GLSA-200804-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"}, {"name": "27015", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27015"}, {"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.videolan.org/Changelog/0.8.6f"}, {"name": "29800", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29800"}, {"name": "[vlc-devel] 20070626 subtitle processing overflows", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"}, {"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"}, {"name": "29766", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29766"}, {"name": "42207", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42207"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"}, {"name": "GLSA-200803-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6681", "datePublished": "2008-01-17T00:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T16:18:20.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E219A8-7A7C-49A5-9978-A1470CEF3702", "versionEndIncluding": "0.8.6d", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en modules/demux/subtitle.c de VideoLAN VLC 0.8.6d permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un subt\u00edtulo largo en un fichero (1) MicroDvd, (2) SSA, y (3) Vplayer."}], "id": "CVE-2007-6681", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-17T01:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"}, {"source": "cve@mitre.org", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"}, {"source": "cve@mitre.org", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42207"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28233"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29284"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29766"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29800"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3550"}, {"source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6f"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27015"}, {"source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0801.php"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28233"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0801.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5667"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}