CVE-2007-3316
vlc
EPSS 30.3%
Description
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.
How to fix CVE-2007-3316
To remediate CVE-2007-3316, upgrade the affected package to a fixed version below.
- Debian/vlc—upgrade to 0.8.6.c-1 or later
- Debian/vlc—upgrade to 0.8.1.svn20050314-1sarge3 or later
Is CVE-2007-3316 being exploited?
Moderate: EPSS is 30.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.8.6.c-1
- from 0, < 0.8.1.svn20050314-1sarge3