Vulnerability Description
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Videolan | Vlc Media Player | <= 1.0.0 |
Related Weaknesses (CWE)
References
- http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209af
- http://openwall.com/lists/oss-security/2010/06/04/4
- http://seclists.org/fulldisclosure/2009/Jul/418Exploit
- https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-meExploit
- http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209af
- http://openwall.com/lists/oss-security/2010/06/04/4
- http://seclists.org/fulldisclosure/2009/Jul/418Exploit
- https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-meExploit
FAQ
What is CVE-2010-2062?
CVE-2010-2062 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, all...
How severe is CVE-2010-2062?
CVE-2010-2062 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2062?
Check the references section above for vendor advisories and patch information. Affected products include: Videolan Vlc Media Player.