CVE-2007-6682

Description

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

How to fix CVE-2007-6682

To remediate CVE-2007-6682, upgrade the affected package to a fixed version below.

• Debian/vlc—upgrade to 0.8.6.c-4.1 or later

Is CVE-2007-6682 being exploited?

Moderate — EPSS is 34.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.8.6.c-4.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-6682