What is the severity of CVE-2013-3245?

CVE-2013-3245 is classified as a potential denial of service vulnerability which could lead to application crashes.

How do I fix CVE-2013-3245?

Fixing CVE-2013-3245 involves updating VLC Media Player to the latest version released after 2.0.7.

Which versions are affected by CVE-2013-3245?

CVE-2013-3245 specifically affects VideoLAN VLC Media Player version 2.0.7 and possibly other versions.

Can CVE-2013-3245 allow for code execution?

Yes, CVE-2013-3245 could potentially allow remote attackers to execute arbitrary code through crafted MKV files.

How can attackers exploit CVE-2013-3245?

Attackers can exploit CVE-2013-3245 by delivering a specially crafted MKV file to the target user, which may cause a crash or unintended code execution.

Vulnerability/
CVE-2013-3245

medium

6.8

CWE

119 190 122 125

10/7/2013

3/10/2022

6/8/2024

CVE-2013-3245: Buffer Overflow

First published: Wed Jul 10 2013(Updated: )

** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow.

Credit: PSIRT-CNA@flexerasoftware.com

Affected Software	Affected Version	How to fix
VLC Media Player	=2.0.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-3245?
CVE-2013-3245 is classified as a potential denial of service vulnerability which could lead to application crashes.
How do I fix CVE-2013-3245?
Fixing CVE-2013-3245 involves updating VLC Media Player to the latest version released after 2.0.7.
Which versions are affected by CVE-2013-3245?
CVE-2013-3245 specifically affects VideoLAN VLC Media Player version 2.0.7 and possibly other versions.
Can CVE-2013-3245 allow for code execution?
Yes, CVE-2013-3245 could potentially allow remote attackers to execute arbitrary code through crafted MKV files.
How can attackers exploit CVE-2013-3245?
Attackers can exploit CVE-2013-3245 by delivering a specially crafted MKV file to the target user, which may cause a crash or unintended code execution.

agent/type
agent/first-publish-date
agent/references
agent/status
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/event
agent/last-modified-date
agent/source
agent/weakness
collector/nvd-index
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
status/disputed
vendor/videolan
canonical/videolan vlc media player
version/videolan vlc media player/2.0.7
canonical/vlc media player
version/vlc media player/2.0.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.