CVE-2010-2062
First published: Fri Dec 26 2014(Updated: )
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VLC Media Player | <=1.0.0 | |
| VLC Media Player | =0.5.0 | |
| VLC Media Player | =0.5.1 | |
| VLC Media Player | =0.5.2 | |
| VLC Media Player | =0.5.3 | |
| VLC Media Player | =0.6.0 | |
| VLC Media Player | =0.6.1 | |
| VLC Media Player | =0.6.2 | |
| VLC Media Player | =0.7.0 | |
| VLC Media Player | =0.7.1 | |
| VLC Media Player | =0.7.2 | |
| VLC Media Player | =0.8.0 | |
| VLC Media Player | =0.8.1 | |
| VLC Media Player | =0.8.2 | |
| VLC Media Player | =0.8.4 | |
| VLC Media Player | =0.8.4a | |
| VLC Media Player | =0.8.5 | |
| VLC Media Player | =0.8.6 | |
| VLC Media Player | =0.8.6a | |
| VLC Media Player | =0.8.6b | |
| VLC Media Player | =0.8.6c | |
| VLC Media Player | =0.8.6d | |
| VLC Media Player | =0.8.6e | |
| VLC Media Player | =0.8.6f | |
| VLC Media Player | =0.8.6g | |
| VLC Media Player | =0.8.6h | |
| VLC Media Player | =0.8.6i | |
| VLC Media Player | =0.8.1337 | |
| VLC Media Player | =0.9.0 | |
| VLC Media Player | =0.9.1 | |
| VLC Media Player | =0.9.2 | |
| VLC Media Player | =0.9.3 | |
| VLC Media Player | =0.9.4 | |
| VLC Media Player | =0.9.5 | |
| VLC Media Player | =0.9.6 | |
| VLC Media Player | =0.9.8a | |
| VLC Media Player | =0.9.9 | |
| VLC Media Player | =0.9.9a | |
| VLC Media Player | =0.9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.videolan.org/?p=vlc.git;a=commit;h=dc74600c97eb834c08674676e209afa842053aca
- http://openwall.com/lists/oss-security/2010/06/04/4
- http://seclists.org/fulldisclosure/2009/Jul/418
- https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
- http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca
Frequently Asked Questions
What is the severity of CVE-2010-2062?
CVE-2010-2062 is considered a critical vulnerability due to its ability to allow remote code execution.
How do I fix CVE-2010-2062?
To fix CVE-2010-2062, upgrade to VLC media player version 1.0.1 or higher.
What versions of VLC are affected by CVE-2010-2062?
VLC media player versions before 1.0.1, including all versions from 0.5.0 to 1.0.0, are affected by CVE-2010-2062.
Can CVE-2010-2062 be exploited remotely?
Yes, CVE-2010-2062 can be exploited remotely by attackers through crafted RDT chunk headers.
What type of vulnerability is CVE-2010-2062?
CVE-2010-2062 is an integer underflow vulnerability that can lead to arbitrary code execution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/videolan
- canonical/videolan vlc media player
- version/videolan vlc media player/1.0.0
- version/videolan vlc media player/0.5.0
- version/videolan vlc media player/0.5.1
- version/videolan vlc media player/0.5.2
- version/videolan vlc media player/0.5.3
- version/videolan vlc media player/0.6.0
- version/videolan vlc media player/0.6.1
- version/videolan vlc media player/0.6.2
- version/videolan vlc media player/0.7.0
- version/videolan vlc media player/0.7.1
- version/videolan vlc media player/0.7.2
- version/videolan vlc media player/0.8.0
- version/videolan vlc media player/0.8.1
- version/videolan vlc media player/0.8.2
- version/videolan vlc media player/0.8.4
- version/videolan vlc media player/0.8.4a
- version/videolan vlc media player/0.8.5
- version/videolan vlc media player/0.8.6
- version/videolan vlc media player/0.8.6a
- version/videolan vlc media player/0.8.6b
- version/videolan vlc media player/0.8.6c
- version/videolan vlc media player/0.8.6d
- version/videolan vlc media player/0.8.6e
- version/videolan vlc media player/0.8.6f
- version/videolan vlc media player/0.8.6g
- version/videolan vlc media player/0.8.6h
- version/videolan vlc media player/0.8.6i
- version/videolan vlc media player/0.8.1337
- version/videolan vlc media player/0.9.0
- version/videolan vlc media player/0.9.1
- version/videolan vlc media player/0.9.2
- version/videolan vlc media player/0.9.3
- version/videolan vlc media player/0.9.4
- version/videolan vlc media player/0.9.5
- version/videolan vlc media player/0.9.6
- version/videolan vlc media player/0.9.8a
- version/videolan vlc media player/0.9.9
- version/videolan vlc media player/0.9.9a
- version/videolan vlc media player/0.9.10