CVE-2012-5855 - Vulnerability Details - OpenCVE

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00344.

Key SSVC decision points have not yet been added.

Vendors	Products
Videolan	Vlc Media Player

Configuration 1 [-]

OR	cpe:2.3:a:videolan:vlc_media_player::::::::
	cpe:2.3:a:videolan:vlc_media_player:2.0.0:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.1:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.2:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.3:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-5733	The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=oss-security&m=135274330022215&w=2
http://www.securityfocus.com/archive/1/524626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-07-10T19:00:00

Updated: 2024-08-06T21:21:27.338Z

Reserved: 2012-11-12T00:00:00

Link: CVE-2012-5855

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-07-10T19:55:01.347

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5855

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-05T00:00:00", "descriptions": [{"lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5855", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:27.338Z"}, "title": "CVE Program Container", "references": [{"name": "20121105 VideoLAN VLC Media Player <= 2.0.4 Crash Bug", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"name": "oval:org.mitre.oval:def:16781", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5855", "datePublished": "2013-07-10T19:00:00", "dateReserved": "2012-11-12T00:00:00", "dateUpdated": "2024-08-06T21:21:27.338Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5C76C9C-1161-49AA-8108-167DC868473D", "versionEndIncluding": "2.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction."}, {"lang": "es", "value": "La funci\u00f3n SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podr\u00eda permitir a los atacantes asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un nombre de archivo especialmente dise\u00f1ado que genera una calculo de longitud de cadena incorrecto cuando se agrega el archivo a VLC. NOTA: no est\u00e1 claro si este problema puede saltarse los l\u00edmites de privilegio o si puede ser explotado sin la interacci\u00f3n del usuario."}], "id": "CVE-2012-5855", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-07-10T19:55:01.347", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=135274330022215&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/archive/1/524626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}