Launchpad.net

CVE 2007-0017

Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

Related bugs and status

CVE-2007-0017 (Candidate) is related to these bugs:

Bug #78610: URL format string injection in CDDA and VCDX plugins

		In	Importance	Status
78610	URL format string injection in CDDA and VCDX plugins	vlc (Ubuntu)	High	Fix Released
78610	URL format string injection in CDDA and VCDX plugins	vlc (Debian)	Unknown	Fix Released
78610	URL format string injection in CDDA and VCDX plugins	vlc (Ubuntu Feisty)	High	Fix Released
78610	URL format string injection in CDDA and VCDX plugins	vlc (Ubuntu Edgy)	Undecided	Fix Released
78610	URL format string injection in CDDA and VCDX plugins	vlc (Ubuntu Dapper)	Undecided	Fix Released
78610	URL format string injection in CDDA and VCDX plugins	vlc (Ubuntu Breezy)	Undecided	Invalid

Bug #121511: [VLC] Format string injection in Vorbis, Theora, SAP and CDDA plugins

Summary				In	Importance	Status
	121511	[VLC] Format string injection in Vorbis, Theora, SAP and CDDA plugins		vlc (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-0017

Related bugs and status

Related bugs

References