Vulnerability Details : CVE-2012-3377
Potential exploit
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2012-3377
- cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99d:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.2.50:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.1.99c:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*
Threat overview for CVE-2012-3377
Top countries where our scanners detected CVE-2012-3377
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2012-3377: 162
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-3377
EPSS score: 5.24% (probability of exploitation activity in the next 30 days)
Percentile: ~ 93 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-3377
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2012-3377
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3377
- http://www.openwall.com/lists/oss-security/2012/07/06/1
  oss-security - CVE request: VLC / Asterisk
- http://www.securityfocus.com/bid/54345
  VLC Media Player 'OGG' File Remote Heap-Based Buffer Overflow Vulnerability
- http://www.openwall.com/lists/oss-security/2012/07/06/2
  oss-security - Re: CVE request: VLC / Asterisk
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299
  Repository / Oval Repository
- http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
  git.videolan.org Git - vlc/vlc-2.0.git/commitdiff (Exploit; Patch)
- http://www.securitytracker.com/id?1027224
  VLC Player Buffer Overflow in Ogg_DecodePacket() Lets Remote Users Execute Arbitrary Code - SecurityTracker