CVE-2010-2937

VLC media player 0.9.0-1.1.2 - Denial of Service via ID3v2 Tag Processing

Title source: llm
STIX 2.1

Description

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

References (6)

Core 6
Core References
Vendor Advisory x_refsource_confirm
http://www.videolan.org/security/sa1004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42386
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2087
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676

Scores

EPSS 0.0264
EPSS Percentile 83.8%

Details

CWE
CWE-20
Status published
Products (22)
videolan/vlc_media_player 0.9.0
videolan/vlc_media_player 0.9.1
videolan/vlc_media_player 0.9.2
videolan/vlc_media_player 0.9.3
videolan/vlc_media_player 0.9.4
videolan/vlc_media_player 0.9.5
videolan/vlc_media_player 0.9.6
videolan/vlc_media_player 0.9.7
videolan/vlc_media_player 0.9.8a
videolan/vlc_media_player 0.9.9
... and 12 more
Published Aug 20, 2010
Tracked Since Feb 18, 2026