ID OPENVAS:702973 Type openvas Reporter Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net Modified 2017-07-11T00:00:00
Description
Multiple buffer overflows have been found in the VideoLAN media player.
Processing malformed subtitles or movie files could lead to denial of
service and potentially the execution of arbitrary code.
# OpenVAS Vulnerability Test
# $Id: deb_2973.nasl 6663 2017-07-11 09:58:05Z teissa $
# Auto-generated from advisory DSA 2973-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Advisory text for this check. Each variable below is passed to a
# script_tag() call of the same name in the description block.

# Product and platform the advisory applies to.
tag_affected = "vlc on Debian Linux";
# Short product description shown as background in the result.
tag_insight = "VLC is the VideoLAN project's media player. It plays MPEG, MPEG-2, MPEG-4,
DivX, MOV, WMV, QuickTime, WebM, FLAC, MP3, Ogg/Vorbis files, DVDs, VCDs,
podcasts, and multimedia streams from various network sources.";
# Fixed versions per Debian suite as quoted from the advisory. Only the
# wheezy version (2.0.3-5+deb7u1) is used by the package checks in this script.
tag_solution = "For the stable distribution (wheezy), these problems have been fixed in
version 2.0.3-5+deb7u1.
For the testing distribution (jessie), these problems have been fixed in
version 2.1.0-1.
For the unstable distribution (sid), these problems have been fixed in
version 2.1.0-1.
We recommend that you upgrade your vlc packages.";
# Impact statement: memory corruption reachable through crafted media or
# subtitle files, i.e. the trigger is a file the user opens.
tag_summary = "Multiple buffer overflows have been found in the VideoLAN media player.
Processing malformed subtitles or movie files could lead to denial of
service and potentially the execution of arbitrary code.";
# NOTE(review): the wording says "apt", but the script depends on
# gather-package-list.nasl and requires the ssh/login/packages key, so the
# comparison presumably runs against a package list collected over an
# authenticated SSH login rather than by invoking apt - confirm.
tag_vuldetect = "This check tests the installed software version using the apt package manager.";
if (description)
{
  # Registration pass: declare the plugin's metadata and stop. The package
  # checks after this block only run when `description` is not set.

  # --- Identity and revision ---
  script_id(702973);
  script_version("$Revision: 6663 $");
  script_name("Debian Security Advisory DSA 2973-1 (vlc - security update)");
  script_family("Debian Local Security Checks");
  script_copyright("Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net");
  script_tag(name:"last_modification", value:"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $");
  script_tag(name:"creation_date", value:"2014-07-07 00:00:00 +0200 (Mon, 07 Jul 2014)");

  # --- References and severity ---
  # One severity value is registered for the whole advisory, which covers
  # three CVEs; it is not a per-CVE score.
  script_cve_id("CVE-2013-1868", "CVE-2013-1954", "CVE-2013-4388");
  script_xref(name:"URL", value:"http://www.debian.org/security/2014/dsa-2973.html");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");

  # --- Scheduling ---
  # Information-gathering category: the script inspects collected package
  # data and does not send anything to VLC itself.
  script_category(ACT_GATHER_INFO);
  # Needs the package list produced by gather-package-list.nasl, and is only
  # launched when both KB keys below are present (Debian host, packages read
  # over an SSH login). Without credentials this check never runs.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");

  # --- Result text ---
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  # The "impact" tag is not registered: tag_impact is not assigned in this file.
  # script_tag(name: "impact", value: tag_impact);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"vuldetect", value:tag_vuldetect);

  # Detection quality is that of a package-version comparison: the finding
  # reflects the installed version string, not observed behaviour of the binary.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Package check: every vlc binary package named below is compared against the
# fixed wheezy version for each listed Debian release string. Text returned by
# isdpkgvuln() for a package older than the fixed version is appended to the
# report.
res = "";
report = "";

# Version that carries the fix for wheezy.
fixed_ver = "2.0.3-5+deb7u1";

# Binary packages checked for the vlc update.
vlc_pkgs = make_list("libvlc-dev", "libvlc5", "libvlccore-dev", "libvlccore5",
                     "vlc", "vlc-data", "vlc-dbg", "vlc-nox",
                     "vlc-plugin-fluidsynth", "vlc-plugin-jack",
                     "vlc-plugin-notify", "vlc-plugin-pulse",
                     "vlc-plugin-sdl", "vlc-plugin-svg", "vlc-plugin-zvbi");

# NOTE(review): only these four release strings are queried. If isdpkgvuln()
# compares rls exactly with the release recorded for the host (confirm in
# pkg-lib-deb.inc), a wheezy host reporting any other point release matches
# none of the calls: nothing is reported and exit(99) is not reached either,
# so the host is silently left without a result for this advisory.
deb_releases = make_list("DEB7.0", "DEB7.1", "DEB7.2", "DEB7.3");

# Releases in the outer loop, packages in the inner loop, so findings are
# appended in the same sequence as the original unrolled checks.
foreach deb_rls (deb_releases) {
  foreach vlc_pkg (vlc_pkgs) {
    res = isdpkgvuln(pkg:vlc_pkg, ver:fixed_ver, rls:deb_rls);
    if (res != NULL) {
      report += res;
    }
  }
}

# __pkg_match is not defined in this file; presumably pkg-lib-deb.inc sets it
# when one of the queried packages was found installed - verify there.
# With an empty report and no package match the script ends without a verdict.
if (report != "") {
  security_message(data:report);
} else if (__pkg_match) {
  exit(99); # Not vulnerable.
}
{"id": "OPENVAS:702973", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2973-1 (vlc - security update)", "description": "Multiple buffer overflows have been found in the VideoLAN media player.\nProcessing malformed subtitles or movie files could lead to denial of\nservice and potentially the execution of arbitrary code.", "published": "2014-07-07T00:00:00", "modified": "2017-07-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702973", "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2014/dsa-2973.html"], "cvelist": ["CVE-2013-1954", "CVE-2013-1868", "CVE-2013-4388"], "lastseen": "2017-07-26T08:48:55", "viewCount": 1, "enchantments": {"score": {"value": 8.4, "vector": "NONE", "modified": "2017-07-26T08:48:55", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1954", "CVE-2013-4388", "CVE-2013-1868"]}, {"type": "openvas", "idList": ["OPENVAS:803699", "OPENVAS:803698", "OPENVAS:1361412562310803955", "OPENVAS:1361412562310803699", "OPENVAS:803900", "OPENVAS:1361412562310803901", "OPENVAS:1361412562310803954", "OPENVAS:1361412562310803900", "OPENVAS:1361412562310803698", "OPENVAS:1361412562310702973"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2973.NASL", "VLC_2_0_5.NASL", "GENTOO_GLSA-201411-01.NASL", "VLC_2_0_9.NASL", "VLC_2_0_6.NASL", "VLC_2_0_8.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2973-1:4620E"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30954", "SECURITYVULNS:VULN:13889"]}, {"type": "exploitdb", "idList": ["EDB-ID:23201"]}, {"type": "gentoo", "idList": ["GLSA-201411-01"]}], "modified": "2017-07-26T08:48:55", "rev": 2}, "vulnersScore": 8.4}, "pluginID": "702973", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2973.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated 
from advisory DSA 2973-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"vlc on Debian Linux\";\ntag_insight = \"VLC is the VideoLAN project's media player. 
It plays MPEG, MPEG-2, MPEG-4,\nDivX, MOV, WMV, QuickTime, WebM, FLAC, MP3, Ogg/Vorbis files, DVDs, VCDs,\npodcasts, and multimedia streams from various network sources.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.3-5+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 2.1.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-1.\n\nWe recommend that you upgrade your vlc packages.\";\ntag_summary = \"Multiple buffer overflows have been found in the VideoLAN media player.\nProcessing malformed subtitles or movie files could lead to denial of\nservice and potentially the execution of arbitrary code.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702973);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2013-1868\", \"CVE-2013-1954\", \"CVE-2013-4388\");\n script_name(\"Debian Security Advisory DSA 2973-1 (vlc - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-07 00:00:00 +0200 (Mon, 07 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2973.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n 
script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libvlccore5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:52:45", "description": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2013-10-11T22:55:00", "title": "CVE-2013-4388", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4388"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:videolan:vlc_media_player:2.0.5", "cpe:/a:videolan:vlc_media_player:2.0.3", "cpe:/a:videolan:vlc_media_player:2.0.1", "cpe:/a:videolan:vlc_media_player:2.0.2", "cpe:/a:videolan:vlc_media_player:2.0.4", "cpe:/a:videolan:vlc_media_player:2.0.7", "cpe:/a:videolan:vlc_media_player:2.0.0", "cpe:/a:videolan:vlc_media_player:2.0.6"], "id": "CVE-2013-4388", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4388", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.6:*:*:*:*:*:*:*"]}, {"lastseen": 
"2020-12-09T19:52:40", "description": "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.", "edition": 5, "cvss3": {}, "published": "2013-07-10T19:55:00", "title": "CVE-2013-1868", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1868"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:videolan:vlc_media_player:2.0.3", "cpe:/a:videolan:vlc_media_player:2.0.1", "cpe:/a:videolan:vlc_media_player:2.0.2", "cpe:/a:videolan:vlc_media_player:2.0.4", "cpe:/a:videolan:vlc_media_player:2.0.0"], "id": "CVE-2013-1868", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1868", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:40", "description": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.", "edition": 5, "cvss3": {}, 
"published": "2013-07-10T19:55:00", "title": "CVE-2013-1954", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1954"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:videolan:vlc_media_player:2.0.5", "cpe:/a:videolan:vlc_media_player:2.0.3", "cpe:/a:videolan:vlc_media_player:2.0.1", "cpe:/a:videolan:vlc_media_player:2.0.2", "cpe:/a:videolan:vlc_media_player:2.0.4", "cpe:/a:videolan:vlc_media_player:2.0.0"], "id": "CVE-2013-1954", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1954", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-12T09:48:39", "description": "Multiple buffer overflows have been found in the VideoLAN media\nplayer. 
Processing malformed subtitles or movie files could lead to\ndenial of service and potentially the execution of arbitrary code.", "edition": 14, "published": "2014-07-09T00:00:00", "title": "Debian DSA-2973-1 : vlc - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954", "CVE-2013-1868", "CVE-2013-4388"], "modified": "2014-07-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:vlc", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2973.NASL", "href": "https://www.tenable.com/plugins/nessus/76417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2973. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76417);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1868\", \"CVE-2013-1954\", \"CVE-2013-4388\");\n script_bugtraq_id(57079, 57333, 62724);\n script_xref(name:\"DSA\", value:\"2973\");\n\n script_name(english:\"Debian DSA-2973-1 : vlc - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows have been found in the VideoLAN media\nplayer. 
Processing malformed subtitles or movie files could lead to\ndenial of service and potentially the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/vlc\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2973\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the vlc packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 2.0.3-5+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libvlc-dev\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvlc5\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvlccore-dev\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvlccore5\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-data\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-dbg\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-nox\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-fluidsynth\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-jack\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-notify\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-pulse\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-sdl\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-svg\", reference:\"2.0.3-5+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"vlc-plugin-zvbi\", 
reference:\"2.0.3-5+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:58:01", "description": "The version of VLC media player installed on the remote host is earlier\nthan 2.0.6. It is, therefore, reportedly affected by a buffer overflow\nvulnerability related to the ASF demuxer plugin.", "edition": 23, "published": "2013-04-25T00:00:00", "title": "VLC < 2.0.6 ASF Demuxer Buffer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_0_6.NASL", "href": "https://www.tenable.com/plugins/nessus/66216", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66216);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2013-1954\");\n script_bugtraq_id(57333);\n\n script_name(english:\"VLC < 2.0.6 ASF Demuxer Buffer Overflow\");\n script_summary(english:\"Checks version of VLC\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by a\nbuffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VLC media player installed on the remote host is earlier\nthan 2.0.6. 
It is, therefore, reportedly affected by a buffer overflow\nvulnerability related to the ASF demuxer plugin.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/security/sa1302.html\");\n # http://git.videolan.org/?p=vlc.git;a=commit;h=b31ce523331aa3a6e620b68cdfe3f161d519631e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8052708\");\n script_set_attribute(attribute:\"see_also\", value:\"http://trac.videolan.org/vlc/ticket/8024\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/vlc/releases/2.0.6.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.0.6 or later. Alternatively, remove the\naffected plugin file from VLC's plugins directory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1954\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nvuln_plugins_installed = make_list();\nversion = get_kb_item_or_exit(\"SMB/VLC/Version\");\n\npath = get_kb_item_or_exit(\"SMB/VLC/File\");\npath = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:path);\n\n# nb: 'version' may look like '0.9.8a'!\nif (\n version =~ \"^[01]\\.\" ||\n version =~ \"^2\\.0\\.[0-5]($|[^0-9])\"\n) version_is_vulnerable = TRUE;\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VLC\", version, path);\n\ninstalled_plugins = get_kb_list(\"SMB/VLC/plugin*\");\nif (isnull(installed_plugins)) audit(AUDIT_KB_MISSING, \"SMB/VLC/plugin\");\n\nforeach plugin (installed_plugins)\n if (\"\\libasf_plugin.dll\" >< plugin)\n vuln_plugins_installed = make_list(vuln_plugins_installed, plugin);\n\nif (\n # Paranoid scan\n report_paranoia > 1\n ||\n # plugin file check\n max_index(vuln_plugins_installed) > 0\n)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.6\\n';\n\n # Add plugin paths if available\n if (max_index(vuln_plugins_installed) > 0)\n {\n report +=\n '\\n - Vulnerable Plugin(s) ';\n\n if (max_index(vuln_plugins_installed) > 1)\n report += 'Paths : ';\n else\n report += 'Path : ';\n\n foreach plugin_path (vuln_plugins_installed)\n report += '\\n ' + plugin_path;\n\n report += '\\n';\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, \"The VLC \"+version+\" install under \"+path+\" does not have the affected plugin.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-30T16:10:37", "description": "An exploitable denial of service vulnerability exists 
in VideoLAN VLC Media Player 2.0.8 and earlier. Allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.", "edition": 21, "cvss3": {}, "published": "2020-06-03T00:00:00", "title": "VLC < 2.0.9 DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6283", "CVE-2013-4388"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_0_9.NASL", "href": "https://www.tenable.com/plugins/nessus/70560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70560);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/29\");\n\n script_cve_id(\"CVE-2013-4388\", \"CVE-2013-6283\");\n script_bugtraq_id(61844, 62724);\n\n script_name(english:\"VLC < 2.0.9 DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"An exploitable denial of service vulnerability exists in VideoLAN VLC Media Player 2.0.8 and earlier. 
Allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.exploit-db.com/exploits/27700\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.0.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vlc_installed.nasl\", \"macosx_vlc_installed.nbin\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nos = get_kb_item('Host/MacOSX/Version');\n\nif (!isnull(os))\n app = 'VLC';\nelse\n app = 'VLC media player';\n\napp_info = vcf::get_app_info(app:app);\nconstraints = [{'fixed_version':'2.0.9'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n \n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:31:19", "description": "The version of VLC media player installed on the remote Windows host is prior to 2.0.8. 
It is, therefore, affected by \nmultiple vulnerabilities:\n\n - An exploitable denial of service vulnerability exists in plugins/demux/libmkv_plugin.dll in VideoLAN VLC \n Media Player 2.0.7 and possibly other versions. Allows remote attackers to cause a denial of service \n (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer \n overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. (CVE-2013-3245).\n\n - An exploitable denial of service vulnerability exists in the mp4a packetizer \n (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8. Allows remote attackers to \n cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. \n (CVE-2013-4388).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported \nversion number.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-24T00:00:00", "title": "VLC < 2.0.8 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4388", "CVE-2013-3245"], "modified": "2020-07-24T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_0_8.NASL", "href": "https://www.tenable.com/plugins/nessus/138900", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138900);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/27\");\n\n script_cve_id(\"CVE-2013-3245\", \"CVE-2013-4388\");\n script_bugtraq_id(61032, 62724);\n\n script_name(english:\"VLC < 2.0.8 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VLC media 
player installed on the remote Windows host is prior to 2.0.8. It is, therefore, affected by \nmultiple vulnerabilities:\n\n - An exploitable denial of service vulnerability exists in plugins/demux/libmkv_plugin.dll in VideoLAN VLC \n Media Player 2.0.7 and possibly other versions. Allows remote attackers to cause a denial of service \n (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer \n overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. (CVE-2013-3245).\n\n - An exploitable denial of service vulnerability exists in the mp4a packetizer \n (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8. Allows remote attackers to \n cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. \n (CVE-2013-4388).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported \nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2013/Jul/71\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.videolan.org/developers/vlc-branch/NEWS\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.0.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-3245\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2020/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vlc_installed.nasl\", \"macosx_vlc_installed.nbin\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nos = get_kb_item('Host/MacOSX/Version');\n\nif (!isnull(os))\n app = 'VLC';\nelse\n app = 'VLC media player';\n\napp_info = vcf::get_app_info(app:app);\nconstraints = [{'fixed_version':'2.0.8'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n ", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T19:31:19", "description": "The version of VLC media player installed on the remote Windows host is prior to 2.0.5. It is, therefore, \naffected by multiple vulnerabilities:\n\n - An exploitable denial of service vulnerability exists in the SHAddToRecentDocs function in VideoLAN VLC \n media player before 2.0.5. Allows user-assisted attackers to cause a denial of service (crash) via a \n crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. \n (CVE-2012-5855).\n\n - Multiple buffer overflows in VideoLAN VLC media player before 2.0.5. Allows remote attackers to cause a \n denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer \n and (2) HTML subtitle parser. 
(CVE-2013-1868).\n \nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported \nversion number.", "edition": 20, "cvss3": {"score": 10.0, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}, "published": "2013-01-04T00:00:00", "title": "VLC < 2.0.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1868", "CVE-2012-5855"], "modified": "2013-01-04T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/63381", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63381);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/24\");\n\n script_cve_id(\"CVE-2012-5855\", \"CVE-2013-1868\");\n script_bugtraq_id(57079, 56405);\n\n script_name(english:\"VLC < 2.0.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VLC media player installed on the remote Windows host is prior to 2.0.5. It is, therefore, \naffected by multiple vulnerabilities:\n\n - An exploitable denial of service vulnerability exists in the SHAddToRecentDocs function in VideoLAN VLC \n media player before 2.0.5. Allow user-assisted attackers to cause a denial of service (crash) via a \n crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. \n (CVE-2012-5855).\n\n - Multiple buffer overflows in VideoLAN VLC media player before 2.0.5. Allow remote attackers to cause a \n denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer \n and (2) HTML subtitle parser. 
(CVE-2013-1868).\n \nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported \nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://securitytracker.com/id/1027929\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/security/sa1301.html\");\n # http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=8e8b02ff1720eb46dabe2864e79d47b40a2792d5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4cd2e15e\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/vlc/releases/2.0.5.html\");\n # https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d7f40a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1868\");\n \n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_dependencies(\"vlc_installed.nasl\", \"macosx_vlc_installed.nbin\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nos = get_kb_item('Host/MacOSX/Version');\n\nif (!isnull(os))\n app = 'VLC';\nelse\n app = 'VLC media player';\n\napp_info = vcf::get_app_info(app:app);\nconstraints = [{'fixed_version':'2.0.5'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n ", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:56:25", "description": "The remote host is affected by the vulnerability described in GLSA-201411-01\n(VLC: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VLC. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file using VLC, possibly resulting in execution of arbitrary code with\n the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-11-06T00:00:00", "title": "GLSA-201411-01 : VLC: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1684", "CVE-2011-0522", "CVE-2012-3377", "CVE-2011-2194", "CVE-2013-1954", "CVE-2010-3124", "CVE-2011-0531", "CVE-2010-1441", "CVE-2012-1775", "CVE-2011-2588", "CVE-2013-1868", "CVE-2010-3275", "CVE-2010-1442", "CVE-2013-6283", "CVE-2011-3623", "CVE-2010-3907", "CVE-2010-2937", "CVE-2011-0021", "CVE-2012-2396", "CVE-2011-1087", "CVE-2013-6934", "CVE-2012-0023", "CVE-2012-5855", "CVE-2012-5470", "CVE-2010-1443", "CVE-2013-4388", "CVE-2012-1776", "CVE-2010-3276", "CVE-2010-1445", "CVE-2013-3245", "CVE-2011-2587", "CVE-2010-1444", "CVE-2010-2062"], "modified": "2014-11-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:vlc"], "id": "GENTOO_GLSA-201411-01.NASL", "href": 
"https://www.tenable.com/plugins/nessus/78879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201411-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78879);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1441\", \"CVE-2010-1442\", \"CVE-2010-1443\", \"CVE-2010-1444\", \"CVE-2010-1445\", \"CVE-2010-2062\", \"CVE-2010-2937\", \"CVE-2010-3124\", \"CVE-2010-3275\", \"CVE-2010-3276\", \"CVE-2010-3907\", \"CVE-2011-0021\", \"CVE-2011-0522\", \"CVE-2011-0531\", \"CVE-2011-1087\", \"CVE-2011-1684\", \"CVE-2011-2194\", \"CVE-2011-2587\", \"CVE-2011-2588\", \"CVE-2011-3623\", \"CVE-2012-0023\", \"CVE-2012-1775\", \"CVE-2012-1776\", \"CVE-2012-2396\", \"CVE-2012-3377\", \"CVE-2012-5470\", \"CVE-2012-5855\", \"CVE-2013-1868\", \"CVE-2013-1954\", \"CVE-2013-3245\", \"CVE-2013-4388\", \"CVE-2013-6283\", \"CVE-2013-6934\");\n script_bugtraq_id(42386, 45632, 45927, 46008, 46060, 47012, 47293, 48171, 48664, 51231, 52550, 53391, 53535, 54345, 55850, 57079, 57333, 61032, 61844, 62724, 65139);\n script_xref(name:\"GLSA\", value:\"201411-01\");\n\n script_name(english:\"GLSA-201411-01 : VLC: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in 
GLSA-201411-01\n(VLC: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in VLC. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted media\n file using VLC, possibly resulting in execution of arbitrary code with\n the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201411-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All VLC users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-video/vlc-2.1.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'VLC MMS Stream Handling Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'White_Phosphorus');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-video/vlc\", unaffected:make_list(\"ge 2.1.2\"), vulnerable:make_list(\"lt 2.1.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"VLC\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:06:50", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1954", "CVE-2013-1868", "CVE-2013-4388"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2973-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : vlc\nCVE ID : CVE-2013-1868 CVE-2013-1954 CVE-2013-4388\n\nMultiple buffer overflows have been found in the VideoLAN media player.\nProcessing malformed subtitles or movie files could lead to denial of\nservice and potentially the execution of arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 
2.0.3-5+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 2.1.0-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-1.\n\nWe recommend that you upgrade your vlc packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2014-07-07T21:38:33", "published": "2014-07-07T21:38:33", "id": "DEBIAN:DSA-2973-1:4620E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00154.html", "title": "[SECURITY] [DSA 2973-1] vlc security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954", "CVE-2013-1868", "CVE-2013-4388"], "description": "Multiple buffer overflows have been found in the VideoLAN media player.\nProcessing malformed subtitles or movie files could lead to denial of\nservice and potentially the execution of arbitrary code.", "modified": "2019-03-19T00:00:00", "published": "2014-07-07T00:00:00", "id": "OPENVAS:1361412562310702973", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702973", "type": "openvas", "title": "Debian Security Advisory DSA 2973-1 (vlc - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2973.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2973-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify 
it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702973\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-1868\", \"CVE-2013-1954\", \"CVE-2013-4388\");\n script_name(\"Debian Security Advisory DSA 2973-1 (vlc - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 00:00:00 +0200 (Mon, 07 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2973.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"vlc on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.3-5+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 2.1.0-1.\n\nFor the unstable distribution (sid), 
these problems have been fixed in\nversion 2.1.0-1.\n\nWe recommend that you upgrade your vlc packages.\");\n script_tag(name:\"summary\", value:\"Multiple buffer overflows have been found in the VideoLAN media player.\nProcessing malformed subtitles or movie files could lead to denial of\nservice and potentially the execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvlc-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlc5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlccore-dev\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvlccore5\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-data\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-dbg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-nox\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-fluidsynth\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-jack\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-notify\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-pulse\", 
ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-sdl\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-svg\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"vlc-plugin-zvbi\", ver:\"2.0.3-5+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:05:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4388"], "description": "This host is installed with VLC Media Player and is prone to denial of service\n vulnerability.", "modified": "2020-04-21T00:00:00", "published": "2013-10-22T00:00:00", "id": "OPENVAS:1361412562310803955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803955", "type": "openvas", "title": "VLC Media Player mp4a Denial of Service Vulnerability (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player mp4a Denial of Service Vulnerability (MAC OS X)\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803955\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-4388\");\n script_bugtraq_id(62724);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-22 19:02:32 +0530 (Tue, 22 Oct 2013)\");\n script_name(\"VLC Media Player mp4a Denial of Service Vulnerability (MAC OS X)\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to overflow buffer, cause denial\n of service.\");\n\n script_tag(name:\"affected\", value:\"VLC media player version 2.0.7 and prior on MAC OS X\");\n\n script_tag(name:\"insight\", value:\"A flaw exists in the mpeg4audio.c file, which fails to perform adequate boundary checks\n on user-supplied input.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to VLC media player version 2.0.8 or later.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/news.html\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1029120\");\n 
script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2013/10/01/2\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_vlc_media_player_detect_macosx.nasl\");\n script_mandatory_keys(\"VLC/Media/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nvlcVer = get_app_version(cpe:CPE);\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:vlcVer, test_version:\"2.0.7\"))\n{\n report = report_fixed_ver(installed_version:vlcVer, vulnerable_range:\"Less than or equal to 2.0.7\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4388"], "description": "This host is installed with VLC Media Player and is prone to denial of service\n vulnerability.", "modified": "2020-04-21T00:00:00", "published": "2013-10-22T00:00:00", "id": "OPENVAS:1361412562310803954", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803954", "type": "openvas", "title": "VLC Media Player mp4a Denial of Service Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player mp4a Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY 
or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803954\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-4388\");\n script_bugtraq_id(62724);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-22 19:22:32 +0530 (Tue, 22 Oct 2013)\");\n script_name(\"VLC Media Player mp4a Denial of Service Vulnerability (Windows)\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to overflow buffer, cause denial\n of service.\");\n\n script_tag(name:\"affected\", value:\"VLC media player version 2.0.7 and prior on Windows\");\n\n script_tag(name:\"insight\", value:\"A flaw exists in the mpeg4audio.c file, which fails to perform adequate boundary checks\n on user-supplied input.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to VLC media player version 2.0.8 or later.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/news.html\");\n script_xref(name:\"URL\", 
value:\"http://www.securitytracker.com/id/1029120\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2013/10/01/2\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nvlcVer = get_app_version(cpe:CPE);\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:vlcVer, test_version:\"2.0.7\"))\n{\n report = report_fixed_ver(installed_version:vlcVer, vulnerable_range:\"Less than or equal to 2.0.7\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:11:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954"], "description": "This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.", "modified": "2017-05-08T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:803699", "href": "http://plugins.openvas.org/nasl.php?oid=803699", "type": "openvas", "title": "VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_bof_vuln_jul13_macosx.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"\n Impact Level: System/Application\";\n\nif(description)\n{\n script_id(803699);\n script_version(\"$Revision: 6079 $\");\n script_cve_id(\"CVE-2013-1954\");\n script_bugtraq_id(57333);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 13:56:02 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X)\");\n\n tag_summary =\n\"This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.\";\n\n tag_insight =\n\"Flaw due to error in 'DemuxPacket()' function in the ASF Demuxer component\n(modules/demux/asf/asf.c) when parsing ASF files.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_impact =\n\"Successful exploitation could allow attackers to execute arbitrary code or\ncause denial of service condition in the context of affected application via\ncrafted ASF file.\";\n\n tag_affected =\n\"VLC media player version 2.0.5 and prior on MAC OS X\";\n\n tag_solution =\n\"Upgrade to VLC media player version 2.0.6 or later,\nFor updates refer to http://www.videolan.org/vlc\";\n\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : 
\"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51995\");\n script_xref(name : \"URL\" , value : \"http://www.videolan.org/security/sa1302.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_vlc_media_player_detect_macosx.nasl\");\n script_mandatory_keys(\"VLC/Media/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nvlcVer = \"\";\n\n## Get the version from KB\nvlcVer = get_kb_item(\"VLC/Media/Player/MacOSX/Version\");\nif(!vlcVer){\n exit(0);\n}\n\n## Check for VLC Media Player Version <= 2.0.5\nif(version_is_less_equal(version:vlcVer, test_version:\"2.0.5\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:23:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954"], "description": "This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.", "modified": "2017-12-19T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:803698", "href": "http://plugins.openvas.org/nasl.php?oid=803698", "type": "openvas", "title": "VLC Media Player Buffer Overflow Vulnerability - July 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_bof_vuln_jul13_win.nasl 8174 2017-12-19 12:23:25Z cfischer $\n#\n# VLC Media Player Buffer Overflow 
Vulnerability - July 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_id(803698);\n script_version(\"$Revision: 8174 $\");\n script_cve_id(\"CVE-2013-1954\");\n script_bugtraq_id(57333);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 13:23:25 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 13:35:48 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Buffer Overflow Vulnerability - July 13 (Windows)\");\n\n tag_summary = \"This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.\";\n\n tag_insight = \"Flaw due to error in 'DemuxPacket()' function in the ASF Demuxer component\n(modules/demux/asf/asf.c) when parsing ASF files.\";\n\n tag_vuldetect = \"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_impact = \"Successful exploitation could allow attackers to 
execute arbitrary code or\ncause denial of service condition in the context of affected application via\ncrafted ASF file.\n\n Impact Level: System/Application\";\n\n tag_affected = \"VLC media player version 2.0.5 and prior on Windows\";\n\n tag_solution = \"Upgrade to VLC media player version 2.0.6 or later,\nFor updates refer to http://www.videolan.org/vlc\";\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51995\");\n script_xref(name : \"URL\" , value : \"http://www.videolan.org/security/sa1302.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Check for VLC Media Player Version <= 2.0.5\nif( version_is_less_equal( version:vers, test_version:\"2.0.5\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.0.6\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-23T19:05:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954"], "description": "This host is installed with VLC Media 
Player and is prone to\na buffer overflow vulnerability.", "modified": "2020-04-21T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:1361412562310803699", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803699", "type": "openvas", "title": "VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803699\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1954\");\n script_bugtraq_id(57333);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 13:56:02 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Buffer Overflow Vulnerability - July 13 (MAC OS X)\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or cause denial of service condition in the context of affected application via crafted ASF file.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.0.5 and prior on MAC OS X\");\n script_tag(name:\"insight\", value:\"Flaw due to error in 'DemuxPacket()' function in the ASF Demuxer component\n(modules/demux/asf/asf.c) when parsing ASF files.\");\n script_tag(name:\"solution\", value:\"Upgrade to VLC media player version 2.0.6 or later.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51995\");\n script_xref(name:\"URL\", 
value:\"http://www.videolan.org/security/sa1302.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_vlc_media_player_detect_macosx.nasl\");\n script_mandatory_keys(\"VLC/Media/Player/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.videolan.org/vlc\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nvlcVer = get_kb_item(\"VLC/Media/Player/MacOSX/Version\");\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:vlcVer, test_version:\"2.0.5\"))\n{\n report = report_fixed_ver(installed_version:vlcVer, vulnerable_range:\"Less than or equal to 2.0.5\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1954"], "description": "This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.", "modified": "2019-05-17T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:1361412562310803698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803698", "type": "openvas", "title": "VLC Media Player Buffer Overflow Vulnerability - July 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player Buffer Overflow Vulnerability - July 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803698\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2013-1954\");\n script_bugtraq_id(57333);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 13:35:48 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Buffer Overflow Vulnerability - July 13 (Windows)\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code or\ncause denial of service condition in the context of affected application via\ncrafted ASF file.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.0.5 and prior on Windows\");\n script_tag(name:\"insight\", value:\"Flaw due to error in 'DemuxPacket()' function in the ASF Demuxer component\n(modules/demux/asf/asf.c) when parsing ASF files.\");\n script_tag(name:\"solution\", value:\"Upgrade to VLC media player version 2.0.6 or later.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to\nbuffer overflow vulnerability.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51995\");\n script_xref(name:\"URL\", value:\"http://www.videolan.org/security/sa1302.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://www.videolan.org/vlc\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less_equal( version:vers, test_version:\"2.0.5\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.0.6\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1868", "CVE-2012-5855"], "description": "This host is installed with VLC Media Player and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:1361412562310803901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803901", "type": "openvas", "title": "VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803901\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-1868\", \"CVE-2012-5855\");\n script_bugtraq_id(57079, 56405);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 14:45:11 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Multiple Vulnerabilities - July 13 (MAC OS X)\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to overflow buffer, cause denial\nof service or potentially execution of arbitrary code.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.0.4 and prior on MAC OS X\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to,\n\n - Error in 'SHAddToRecentDocs()' function.\n\n - Error due to improper validation of user supplied inputs when handling\n HTML subtitle files.\");\n script_tag(name:\"solution\", value:\"Upgrade to VLC media player version 2.0.5 or later.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to 
multiple\nvulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/news.html\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/79823\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_vlc_media_player_detect_macosx.nasl\");\n script_mandatory_keys(\"VLC/Media/Player/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.videolan.org/vlc\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nvlcVer = get_kb_item(\"VLC/Media/Player/MacOSX/Version\");\nif(!vlcVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:vlcVer, test_version:\"2.0.4\"))\n{\n report = report_fixed_ver(installed_version:vlcVer, vulnerable_range:\"Less than or equal to 2.0.4\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-20T13:23:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1868", "CVE-2012-5855"], "description": "This host is installed with VLC Media Player and is prone to multiple\nvulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:803900", "href": "http://plugins.openvas.org/nasl.php?oid=803900", "type": "openvas", "title": "VLC Media Player Multiple Vulnerabilities - July 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_vlc_media_player_mult_vuln_jul13_win.nasl 8174 2017-12-19 12:23:25Z cfischer $\n#\n# VLC Media Player Multiple Vulnerabilities - July 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you 
can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_id(803900);\n script_version(\"$Revision: 8174 $\");\n script_cve_id(\"CVE-2013-1868\", \"CVE-2012-5855\");\n script_bugtraq_id(57079,56405);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 13:23:25 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 14:24:20 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Multiple Vulnerabilities - July 13 (Windows)\");\n\n tag_summary = \"This host is installed with VLC Media Player and is prone to multiple\nvulnerabilities.\";\n\n tag_insight = \"Multiple flaws due to,\n\n - Error in 'SHAddToRecentDocs()' function.\n\n - Error due to improper validation of user supplied inputs when handling\n HTML subtitle files.\";\n\n tag_vuldetect = \"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_impact = \"Successful exploitation will allow attackers to overflow buffer, cause denial\nof service or potentially execution of arbitrary code.\n\n Impact Level: System/Application\";\n\n tag_affected = \"VLC media 
player version 2.0.4 and prior on Windows\";\n\n tag_solution = \"Upgrade to VLC media player version 2.0.5 or later,\nFor updates refer to http://www.videolan.org/vlc\";\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://www.videolan.org/news.html\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/79823\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Check for VLC Media Player Version <= 2.0.4\nif( version_is_less_equal( version:vers, test_version:\"2.0.4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.0.5\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1868", "CVE-2012-5855"], "description": "This host is installed with VLC Media Player and is prone to multiple\nvulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2013-07-16T00:00:00", "id": "OPENVAS:1361412562310803900", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310803900", "type": "openvas", "title": "VLC Media Player Multiple Vulnerabilities - July 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player Multiple Vulnerabilities - July 13 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803900\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2013-1868\", \"CVE-2012-5855\");\n script_bugtraq_id(57079, 56405);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-07-16 14:24:20 +0530 (Tue, 16 Jul 2013)\");\n script_name(\"VLC Media Player Multiple Vulnerabilities - July 13 (Windows)\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to overflow 
buffer, cause denial\nof service or potentially execution of arbitrary code.\");\n script_tag(name:\"affected\", value:\"VLC media player version 2.0.4 and prior on Windows\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to,\n\n - Error in 'SHAddToRecentDocs()' function.\n\n - Error due to improper validation of user supplied inputs when handling\n HTML subtitle files.\");\n script_tag(name:\"solution\", value:\"Upgrade to VLC media player version 2.0.5 or later.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"summary\", value:\"This host is installed with VLC Media Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.videolan.org/news.html\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/79823\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://www.videolan.org/vlc\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less_equal( version:vers, test_version:\"2.0.4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.0.5\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-1954", "CVE-2013-1868", "CVE-2013-4388"], 
"description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2973-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nJuly 07, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : vlc\r\nCVE ID : CVE-2013-1868 CVE-2013-1954 CVE-2013-4388\r\n\r\nMultiple buffer overflows have been found in the VideoLAN media player.\r\nProcessing malformed subtitles or movie files could lead to denial of\r\nservice and potentially the execution of arbitrary code.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 2.0.3-5+deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems have been fixed in\r\nversion 2.1.0-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 2.1.0-1.\r\n\r\nWe recommend that you upgrade your vlc packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\niQIcBAEBAgAGBQJTuxLyAAoJEBDCk7bDfE422awP/A6q2UrLQI47VDpmNhym/iq8\r\nxTaHDKVOg9liWJ/tcM5Pkm76lCkHabMhCbnajLmGHWDbJUarjgHoDdhJdeW6GtT9\r\n2HOd9uWx0s64X5hy8jfS++2t8zEb3ZIQ+OpZC0vTj/6nbMYuO6+OR67ONLUIzRFa\r\ntFRaitIT6C10hUUkI9ybY5oin9ixDYs/T4UFVJ+iq7SoREJsngg3U4cmJPIueYQ8\r\n5xYaSDWUXzW2+/VlNTyOkYRQ02by2Q4YPMy/Y8ON/Xfey6Awy59mag2TFfpUBUFk\r\nlJGYxR8gtwGx4KFMJiNde3HvVzpiT6W2X5S02URMYmV5APkgkF9UvAaQLk/YnnR4\r\nrKKtEmV21ec1wVrTYXAPA/R4/TrMb2/tJ5/yYxywTmNl74NoqRPHOpgyzp6wCMmO\r\n9hdFWR7CZrVe2X1TL48W5S/carvkfra3ZW66hbFao7h4lmQ/9SoZGb8dps6qxONt\r\nomcuPDoSuVljtbr/t+na82v1BXX/k4o/7uWQ94KbTqaMjVEf4yC37yokb7a2ngXP\r\nr7AJ/BHJGvsIo4y1Ccv4BxWqQ3ii5EogTyR8/S4v2O7lhvn2JOMWzGcCvf/d8qgM\r\nlGajkIWSpGlH+FrcaZXojzbwAFTJjZwewH7uxBLIAewz654GzXqStYO8uQ220vjA\r\nvTesFwVSjcZR8Gvmz7Jb\r\n=K5Fy\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-07-28T00:00:00", "published": "2014-07-28T00:00:00", "id": "SECURITYVULNS:DOC:30954", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30954", "title": "[SECURITY] [DSA 2973-1] vlc security update", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2013-1954", "CVE-2013-1868", "CVE-2013-4388"], "description": "Buffer overflows on different video formats parsing.", "edition": 1, "modified": "2014-07-28T00:00:00", "published": "2014-07-28T00:00:00", "id": "SECURITYVULNS:VULN:13889", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13889", "title": "Videolan vlc multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T20:29:19", "description": "VLC Media Player 2.0.4 - (.swf) Crash PoC. CVE-2013-1868. 
Dos exploit for windows platform", "published": "2012-12-07T00:00:00", "type": "exploitdb", "title": "VLC Media Player 2.0.4 - .swf Crash PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1868"], "modified": "2012-12-07T00:00:00", "id": "EDB-ID:23201", "href": "https://www.exploit-db.com/exploits/23201/", "sourceData": "Title : VLC media player 2.0.4 buffer overflow POC\r\nVersion : 2.0.4 Twoflower\r\nDate : 2012-12-06\r\nVendor : www.videolan.org/vlc/\r\nImpact : Med/High\r\nContact : coolkaveh [at] rocketmail.com\r\nTwitter : @coolkaveh\r\ntested : windows XP SP3\r\nAuthor : coolkaveh\r\n#####################################################################################################################\r\nVLC media player (also known as VLC) is a highly portable free and open-source media player and streaming \r\nmedia server written by the VideoLAN project. It is a cross-platform media player, with versions for \r\nMicrosoft Windows, OS X, GNU/Linux, Android, BSD, Solaris, iOS, Syllable, BeOS, MorphOS, QNX and eComStation\r\n#####################################################################################################################\r\nBug :\r\n----\r\nbuffer overflow during the handling of the swf file\r\ncontext-dependent\r\nSuccessful exploits can allow attackers to execute arbitrary code\r\n----\r\n######################################################################################################################\r\n(7b4.a14): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\neax=75737574 ebx=00e44c20 ecx=7ffd5000 edx=00e44e84 esi=038488c8 edi=000007c0\r\neip=75737574 esp=0196fb5c ebp=00000002 iopl=0 nv up ei pl nz na pe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206\r\nMissing image name, possible paged-out or corrupt data.\r\n75737574 ?? 
???\r\n0:009>!exploitable -v\r\neax=75737574 ebx=00e44c20 ecx=7ffd5000 edx=00e44e84 esi=038488c8 edi=000007c0\r\neip=75737574 esp=0196fb5c ebp=00000002 iopl=0 nv up ei pl nz na pe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206\r\n75737574 ?? ???\r\nHostMachine\\HostUser\r\nExecuting Processor Architecture is x86\r\nDebuggee is in User Mode\r\nDebuggee is a live user mode debugging session on the local machine\r\nEvent Type: Exception\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - \r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\Program Files\\VideoLAN\\VLC\\libvlccore.dll - \r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\Program Files\\VideoLAN\\VLC\\plugins\\codec\\libavcodec_plugin.dll - \r\nException Faulting Address: 0x75737574\r\nFirst Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)\r\nException Sub-Type: Data Execution Protection (DEP) Violation\r\n\r\nException Hash (Major/Minor): 0x307d391a.0x6f0f1537\r\n\r\nStack Trace:\r\nUnknown\r\nlibvlccore!vout_ReleasePicture+0x32\r\nlibavcodec_plugin!vlc_entry_license__1_2_0l+0xe09\r\nlibavcodec_plugin!vlc_entry_license__1_2_0l+0xdf26b\r\nlibavcodec_plugin!vlc_entry_license__1_2_0l+0xdee0e\r\nlibavcodec_plugin!vlc_entry_license__1_2_0l+0xdf37b\r\nntdll!RtlFreeHeap+0x18b\r\nInstruction Address: 0x0000000075737574\r\n\r\nDescription: Data Execution Prevention Violation\r\nShort Description: DEPViolation\r\nExploitability Classification: EXPLOITABLE\r\nRecommended Bug Title: Exploitable - Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000000075737574 called from libvlccore!vout_ReleasePicture+0x0000000000000032 (Hash=0x307d391a.0x6f0f1537)\r\n\r\nUser mode DEP access violations are exploitable.\r\n################################################################################\r\nProof of concept included.\r\n\r\nExploit-DB mirror: 
http://www39.zippyshare.com/v/91522221/file.html\r\nExploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23201.rar\r\n\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23201/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:06", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1684", "CVE-2011-0522", "CVE-2012-3377", "CVE-2011-2194", "CVE-2013-1954", "CVE-2010-3124", "CVE-2011-0531", "CVE-2010-1441", "CVE-2012-1775", "CVE-2011-2588", "CVE-2013-1868", "CVE-2010-3275", "CVE-2010-1442", "CVE-2013-6283", "CVE-2011-3623", "CVE-2010-3907", "CVE-2010-2937", "CVE-2011-0021", "CVE-2012-2396", "CVE-2011-1087", "CVE-2013-6934", "CVE-2012-0023", "CVE-2012-5855", "CVE-2012-5470", "CVE-2010-1443", "CVE-2013-4388", "CVE-2012-1776", "CVE-2010-3276", "CVE-2010-1445", "CVE-2013-3245", "CVE-2011-2587", "CVE-2010-1444", "CVE-2010-2062"], "description": "### Background\n\nVLC is a cross-platform media player and streaming server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted media file using VLC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll VLC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/vlc-2.1.2\"", "edition": 1, "modified": "2014-11-05T00:00:00", "published": "2014-11-05T00:00:00", "id": "GLSA-201411-01", "href": "https://security.gentoo.org/glsa/201411-01", "type": "gentoo", "title": "VLC: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}