VDB
CVE-2007-6682
CVE-2007-6682
PUBLISHED
CVSS 7.5 HIGH
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
EPSS 34.38% · 97.1th percentile
Risk Scores
CVSS v2.0
7.5
EPSS Score
34.38%
97.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| videolan | vlc | 0 |
Timeline
- Jan 17, 2008 CVE Published
- Apr 27, 2008 PoC Published
- Apr 28, 2008 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- 29284 third-party-advisory
- DSA-1543 vendor-advisory
- 3550 third-party-advisory
- 28233 third-party-advisory
- oval:org.mitre.oval:def:14790 vdb
- 5519 exploit
- 27015 vdb
- 42208 vdb
- http://trac.videolan.org/vlc/changeset/23839 url
- 20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d mailing-list
- 29766 third-party-advisory
- http://aluigi.altervista.org/adv/vlcboffs-adv.txt url
- GLSA-200803-13 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-6682 advisory