The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
CPE | Name | Operator | Version |
---|---|---|---|
vlc_media_player | eq | 2.0.2 | |
vlc_media_player | eq | 2.0.1 | |
vlc_media_player | le | 2.0.4 | |
vlc_media_player | eq | 2.0.0 | |
vlc_media_player | eq | 2.0.3 |