CVE-2010-2937
VLC media player 0.9.0-1.1.2 - Denial of Service via ID3v2 Tag Processing
Title source: llmDescription
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.
References (6)
Core 6
Core References
Patch x_refsource_confirm
http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a
Patch x_refsource_confirm
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516
Vendor Advisory x_refsource_confirm
http://www.videolan.org/security/sa1004.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/42386
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2087
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676
Scores
EPSS
0.0264
EPSS Percentile
83.8%
Details
CWE
CWE-20
Status
published
Products (22)
videolan/vlc_media_player
0.9.0
videolan/vlc_media_player
0.9.1
videolan/vlc_media_player
0.9.2
videolan/vlc_media_player
0.9.3
videolan/vlc_media_player
0.9.4
videolan/vlc_media_player
0.9.5
videolan/vlc_media_player
0.9.6
videolan/vlc_media_player
0.9.7
videolan/vlc_media_player
0.9.8a
videolan/vlc_media_player
0.9.9
... and 12 more
Published
Aug 20, 2010
Tracked Since
Feb 18, 2026