CVE-2013-4388 - OpenCVE

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Videolan	Vlc Media Player

Configuration 1 [-]

OR	cpe:2.3:a:videolan:vlc_media_player::::::::
	cpe:2.3:a:videolan:vlc_media_player:2.0.0:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.1:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.2:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.3:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.4:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.5:::::::*
	cpe:2.3:a:videolan:vlc_media_player:2.0.6:::::::*

No data.

References

Link	Providers
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e
http://secunia.com/advisories/59793
http://www.openwall.com/lists/oss-security/2013/10/01/2
http://www.securityfocus.com/bid/62724
http://www.securitytracker.com/id/1029120
http://www.videolan.org/developers/vlc-branch/NEWS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-11T22:00:00

Updated: 2024-08-06T16:45:13.511Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4388

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-10-11T22:55:40.363

Modified: 2023-11-07T02:16:15.713

Link: CVE-2013-4388

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "oval:org.mitre.oval:def:18086", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086"}, {"name": "59793", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59793"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.videolan.org/developers/vlc-branch/NEWS"}, {"name": "62724", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62724"}, {"name": "[oss-security] 20130930 Re: CVE request: VLC", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2"}, {"name": "1029120", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029120"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4388", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:18086", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086"}, {"name": "59793", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59793"}, {"name": "http://www.videolan.org/developers/vlc-branch/NEWS", "refsource": "CONFIRM", "url": "http://www.videolan.org/developers/vlc-branch/NEWS"}, {"name": "62724", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62724"}, {"name": "[oss-security] 20130930 Re: CVE request: VLC", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2"}, {"name": "1029120", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029120"}, {"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:13.511Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:18086", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086"}, {"name": "59793", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59793"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.videolan.org/developers/vlc-branch/NEWS"}, {"name": "62724", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62724"}, {"name": "[oss-security] 20130930 Re: CVE request: VLC", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2"}, {"name": "1029120", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029120"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4388", "datePublished": "2013-10-11T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:13.511Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "53C10490-69EB-4117-B7E6-17A6032250AB", "versionEndIncluding": "2.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E695AC57-C61E-4EE7-A5F1-94B086C03130", "vulnerable": true}, {"criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3FB8545D-A954-4366-B807-6521356AAC18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versi\u00f3n 2.0.8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2013-4388", "lastModified": "2023-11-07T02:16:15.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-10-11T22:55:40.363", "references": [{"source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59793"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/62724"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1029120"}, {"source": "secalert@redhat.com", "url": "http://www.videolan.org/developers/vlc-branch/NEWS"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}