Unrated severityNVD Advisory· Published Jan 3, 2007· Updated Apr 23, 2026
CVE-2007-0017
CVE-2007-0017
Description
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Affected products
10cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patchnvdPatch
- projects.info-pull.com/moab/MOAB-02-01-2007.htmlnvdExploitVendor Advisory
- secunia.com/advisories/23592nvdVendor Advisory
- secunia.com/advisories/23829nvdVendor Advisory
- secunia.com/advisories/23910nvdVendor Advisory
- secunia.com/advisories/23971nvdVendor Advisory
- www.videolan.org/sa0701.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2007/0026nvdVendor Advisory
- applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.htmlnvd
- landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.htmlnvd
- osvdb.org/31163nvd
- security.gentoo.org/glsa/glsa-200701-24.xmlnvd
- securitytracker.com/idnvd
- trac.videolan.org/vlc/changeset/18481nvd
- www.debian.org/security/2007/dsa-1252nvd
- www.novell.com/linux/security/advisories/2007_13_xine.htmlnvd
- www.securityfocus.com/bid/21852nvd
- www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/31226nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313nvd
News mentions
0No linked articles in our index yet.