CVE-2013-6283

Videolan Vlc Media Player < 2.0.8 - Improper Input Validation

Title source: rule

Description

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Asesino04 · pythondoswindows

https://www.exploit-db.com/exploits/27700

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/27700

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/96603

Scores

EPSS 0.0981

EPSS Percentile 93.0%

Details

CWE

CWE-20

Status published

Products (33)

videolan/vlc_media_player 1.0.0

videolan/vlc_media_player 1.0.1

videolan/vlc_media_player 1.0.2

videolan/vlc_media_player 1.0.3

videolan/vlc_media_player 1.0.4

videolan/vlc_media_player 1.0.5

videolan/vlc_media_player 1.0.6

videolan/vlc_media_player 1.1.0

videolan/vlc_media_player 1.1.1

videolan/vlc_media_player 1.1.2

... and 23 more

Published Oct 25, 2013

Tracked Since Feb 18, 2026