CVE-2013-1954 - Vulnerability Details - OpenCVE

The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Videolan	Vlc Media Player

Configuration 1 [-]

OR	cpe:2.3:a:videolan:vlc_media_player::::::::
	cpe:2.3:a:videolan:vlc_media_player:2.0.0:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.1:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.2:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.3:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.4:::::::*

No data.

References

Link	Providers
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e
http://marc.info/?l=oss-security&m=136593191416152&w=2
http://marc.info/?l=oss-security&m=136610343501731&w=2
http://secunia.com/advisories/59793
http://trac.videolan.org/vlc/ticket/8024
http://www.osvdb.org/89598
http://www.securityfocus.com/bid/57333
http://www.videolan.org/security/sa1302.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-07-10T19:00:00

Updated: 2024-08-06T15:20:37.306Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1954

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-07-10T19:55:04.650

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-1954

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130414 CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=136593191416152&w=2"}, {"name": "59793", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59793"}, {"name": "[oss-security] 20130416 Re: CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=136610343501731&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.videolan.org/vlc/ticket/8024"}, {"name": "57333", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57333"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e"}, {"name": "89598", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/89598"}, {"name": "oval:org.mitre.oval:def:17023", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.videolan.org/security/sa1302.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1954", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20130414 CVE Request: VLC Buffer Overflow in ASF Demuxer", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=136593191416152&w=2"}, {"name": "59793", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59793"}, {"name": "[oss-security] 20130416 Re: CVE Request: VLC Buffer Overflow in ASF Demuxer", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=136610343501731&w=2"}, {"name": "http://trac.videolan.org/vlc/ticket/8024", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/ticket/8024"}, {"name": "57333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57333"}, {"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=b31ce523331aa3a6e620b68cdfe3f161d519631e", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=b31ce523331aa3a6e620b68cdfe3f161d519631e"}, {"name": "89598", "refsource": "OSVDB", "url": "http://www.osvdb.org/89598"}, {"name": "oval:org.mitre.oval:def:17023", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023"}, {"name": "http://www.videolan.org/security/sa1302.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1302.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.306Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130414 CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=136593191416152&w=2"}, {"name": "59793", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59793"}, {"name": "[oss-security] 20130416 Re: CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=136610343501731&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.videolan.org/vlc/ticket/8024"}, {"name": "57333", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57333"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e"}, {"name": "89598", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/89598"}, {"name": "oval:org.mitre.oval:def:17023", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.videolan.org/security/sa1302.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1954", "datePublished": "2013-07-10T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.306Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C07CB4E-6D28-47EE-A9D8-A220B5F8D678", "versionEndIncluding": "2.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read."}, {"lang": "es", "value": "El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero ASF especialmente dise\u00f1ado que genera una lectura fuera de los l\u00edmites."}], "id": "CVE-2013-1954", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-07-10T19:55:04.650", "references": [{"source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=136593191416152&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=136610343501731&w=2"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59793"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://trac.videolan.org/vlc/ticket/8024"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/89598"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57333"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.videolan.org/security/sa1302.html"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=136593191416152&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=136610343501731&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://trac.videolan.org/vlc/ticket/8024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/89598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.videolan.org/security/sa1302.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}