Vulnerability Name:

CVE-2010-1443 (CCN-102839)

Assigned:2010-04-28
Published:2010-04-28
Updated:2014-12-29
Summary:The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.

CWE-476: NULL Pointer Dereference
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2010-1443

Source: CONFIRM
Type: UNKNOWN
http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=8902488ba529c0cf4c903a8a84ff20b5737cc753

Source: CCN
Type: OSS Security, Wed, 28 Apr 2010 16:28:27 -0400 (EDT)
VLC <1.0.6 Multiple issues

Source: MLIST
Type: UNKNOWN
[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues

Source: CCN
Type: VideoLan sa1003
Security Advisory 1003

Source: CONFIRM
Type: Vendor Advisory
http://www.videolan.org/security/sa1003.html

Source: XF
Type: UNKNOWN
vlc-cve20101443-dos(102839)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2010-1443

Vulnerable Configuration:Configuration 1:
  • cpe:/a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:*:*:*:*:*:*:*:* (Version <= 1.0.5)

    • Configuration CCN 1:
  • cpe:/a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    videolan vlc media player 0.5.0
    videolan vlc media player 0.5.1
    videolan vlc media player 0.5.2
    videolan vlc media player 0.5.3
    videolan vlc media player 0.6.0
    videolan vlc media player 0.6.1
    videolan vlc media player 0.6.2
    videolan vlc media player 0.7.0
    videolan vlc media player 0.7.1
    videolan vlc media player 0.7.2
    videolan vlc media player 0.8.0
    videolan vlc media player 0.8.1
    videolan vlc media player 0.8.2
    videolan vlc media player 0.8.4
    videolan vlc media player 0.8.4a
    videolan vlc media player 0.8.5
    videolan vlc media player 0.8.6
    videolan vlc media player 0.8.6a
    videolan vlc media player 0.8.6b
    videolan vlc media player 0.8.6c
    videolan vlc media player 0.8.6d
    videolan vlc media player 0.8.6e
    videolan vlc media player 0.8.6f
    videolan vlc media player 0.8.6g
    videolan vlc media player 0.8.6h
    videolan vlc media player 0.8.6i
    videolan vlc media player 0.8.1337
    videolan vlc media player 0.9.0
    videolan vlc media player 0.9.1
    videolan vlc media player 0.9.2
    videolan vlc media player 0.9.3
    videolan vlc media player 0.9.4
    videolan vlc media player 0.9.5
    videolan vlc media player 0.9.6
    videolan vlc media player 0.9.8a
    videolan vlc media player 0.9.9
    videolan vlc media player 0.9.9a
    videolan vlc media player 0.9.10
    videolan vlc media player 1.0.0
    videolan vlc media player 1.0.1
    videolan vlc media player 1.0.2
    videolan vlc media player 1.0.3
    videolan vlc media player 1.0.4
    videolan vlc media player *
    videolan vlc media player 0.5.0
    videolan vlc media player 1.0.5