CVE-2012-5855

Published: 10 July 2013

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

Notes

Author	Note
mdeslaur	not security relevant

Priority

Status

Package	Release	Status
vlc Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	oneiric	Ignored (end of life)
	precise	Ignored
	quantal	Ignored (end of life)
	raring	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Ignored
	upstream	Needs triage
	utopic	Ignored

References

http://www.openwall.com/lists/oss-security/2012/11/12
https://www.cve.org/CVERecord?id=CVE-2012-5855
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›