CVE-2010-3275
vlc - missing input sanitising
EPSS 86.2%
Description
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
How to fix CVE-2010-3275
To remediate CVE-2010-3275, upgrade the affected package to one of the fixed versions listed below.
- Debian/vlc: upgrade to 1.1.8-1 or later
- Debian/vlc: upgrade to 1.1.3-1squeeze4 or later
Is CVE-2010-3275 being exploited?
Likely — EPSS is 86.2%, placing CVE-2010-3275 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/vlc: from 0, < 1.1.8-1
- Debian/vlc: from 0, < 1.1.3-1squeeze4