Launchpad.net

CVE 2007-6682

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

Related bugs and status

CVE-2007-6682 (Candidate) is related to these bugs:

Bug #196452: Multiple vulnerabilites in vlc prior to 0.8.6e

		In	Importance	Status
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu)	Undecided	Fix Released
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Debian)	Unknown	Fix Released
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Dapper)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Edgy)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Feisty)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
196452	Multiple vulnerabilites in vlc prior to 0.8.6e	vlc (Ubuntu Hardy)	Undecided	Fix Released

Bug #214977: [vlc] [DSA-1543-1] several vulnerabilities

Summary				In	Importance	Status
	214977	[vlc] [DSA-1543-1] several vulnerabilities		vlc (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20071224 Buffer-overfl...
CONFIRM: http://trac.videolan.o...
BID: 27015
GENTOO: GLSA-200803-13
SECUNIA: 29284
DEBIAN: DSA-1543
SECUNIA: 29766
SREASON: 3550
OSVDB: 42208
MISC: http://aluigi.altervis...
SECUNIA: 28233
EXPLOIT-DB: 5519
OVAL: oval:org.mitre.oval:de...