9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.085 Low
EPSS
Percentile
94.4%
Debian Security Advisory DSA-2211-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
April 06, 2011 http://www.debian.org/security/faq
Package : vlc
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-3275 CVE-2010-3276
Ricardo Narvaja discovered that missing input sanitising in VLC, a
multimedia player and streamer, could lead to the execution of arbitrary
code if a user is tricked into opening a malformed media file.
This update also provides updated packages for oldstable (lenny) for
vulnerabilities, which have already been addressed in Debian stable
(squeeze), either during the freeze or in DSA-2159.
(CVE-2010-0522, CVE-2010-1441, CVE-2010-1442, CVE-2011-0531)
For the oldstable distribution (lenny), this problem has been fixed in
version 0.8.6.h-4+lenny3.
For the stable distribution (squeeze), this problem has been fixed in
version 1.1.3-1squeeze4.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.8-1.
We recommend that you upgrade your vlc packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | vlc | <Β 0.8.6.h-4+lenny3 | vlc_0.8.6.h-4+lenny3_all.deb |
Debian | 6 | all | vlc-plugin-zvbi | <Β 1.1.3-1squeeze4 | vlc-plugin-zvbi_1.1.3-1squeeze4_all.deb |
Debian | 6 | all | vlc-plugin-svgalib | <Β 1.1.3-1squeeze4 | vlc-plugin-svgalib_1.1.3-1squeeze4_all.deb |
Debian | 5 | all | vlc-plugin-ggi | <Β 0.8.6.h-4+lenny3 | vlc-plugin-ggi_0.8.6.h-4+lenny3_all.deb |
Debian | 6 | all | libvlccore-dev | <Β 1.1.3-1squeeze4 | libvlccore-dev_1.1.3-1squeeze4_all.deb |
Debian | 6 | all | vlc-plugin-ggi | <Β 1.1.3-1squeeze4 | vlc-plugin-ggi_1.1.3-1squeeze4_all.deb |
Debian | 5 | all | vlc-plugin-arts | <Β 0.8.6.h-4+lenny3 | vlc-plugin-arts_0.8.6.h-4+lenny3_all.deb |
Debian | 6 | all | vlc-plugin-pulse | <Β 1.1.3-1squeeze4 | vlc-plugin-pulse_1.1.3-1squeeze4_all.deb |
Debian | 6 | all | vlc-plugin-fluidsynth | <Β 1.1.3-1squeeze4 | vlc-plugin-fluidsynth_1.1.3-1squeeze4_all.deb |
Debian | 5 | all | vlc-plugin-glide | <Β 0.8.6.h-4+lenny3 | vlc-plugin-glide_0.8.6.h-4+lenny3_all.deb |