VDB
CVE-2007-6681
CVE-2007-6681
PUBLISHED
CVSS 7.5 HIGH
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
EPSS 39.04% · 97.3th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
39.04%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| videolan | vlc | 0 |
Timeline
- Jan 17, 2008 CVE Published
- Apr 25, 2008 PoC Published
- May 22, 2008 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
References
- 29284 third-party-advisory
- DSA-1543 vendor-advisory
- 3550 third-party-advisory
- 5667 exploit
- oval:org.mitre.oval:def:14334 vdb
- http://www.videolan.org/security/sa0801.php url
- 28233 third-party-advisory
- GLSA-200804-25 vendor-advisory
- 27015 vdb
- [vlc-devel] 20070630 vlc: svn commit r20715 (fenrir) mailing-list
- http://wiki.videolan.org/Changelog/0.8.6f url
- 29800 third-party-advisory
- [vlc-devel] 20070626 subtitle processing overflows mailing-list
- 20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d mailing-list
- 29766 third-party-advisory
- 42207 vdb
- http://aluigi.altervista.org/adv/vlcboffs-adv.txt url
- GLSA-200803-13 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-6681 advisory