CVE-2012-5855 - OpenCVE

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Videolan	Vlc Media Player

Configuration 1 [-]

OR	cpe:2.3:a:videolan:vlc_media_player::::::::
	cpe:2.3:a:videolan:vlc_media_player:2.0.0:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.1:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.2:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.3:::::::*

No data.

References

Link	Providers
http://marc.info/?l=oss-security&m=135274330022215&w=2
http://www.securityfocus.com/archive/1/524626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-07-10T19:00:00

Updated: 2024-08-06T21:21:27.338Z

Reserved: 2012-11-12T00:00:00

Link: CVE-2012-5855

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-10T19:55:01.347

Modified: 2017-09-19T01:35:32.060

Link: CVE-2012-5855

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5855", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:27.338Z"}, "title": "CVE Program Container", "references": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5855", "datePublished": "2013-07-10T19:00:00", "dateReserved": "2012-11-12T00:00:00", "dateUpdated": "2024-08-06T21:21:27.338Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5C76C9C-1161-49AA-8108-167DC868473D", "versionEndIncluding": "2.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}, {"lang": "es", "value": "La funci\u00f3n SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podr\u00eda permitir a los atacantes asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un nombre de archivo especialmente dise\u00f1ado que genera una calculo de longitud de cadena incorrecto cuando se agrega el archivo a VLC. NOTA: no est\u00e1 claro si este problema puede saltarse los l\u00edmites de privilegio o si puede ser explotado sin la interacci\u00f3n del usuario."}], "id": "CVE-2012-5855", "lastModified": "2017-09-19T01:35:32.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-07-10T19:55:01.347", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}