Vulnerability Name:

CVE-2010-2062 (CCN-52064)

Assigned:2009-07-27
Published:2009-07-27
Updated:2014-12-29
Summary:Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Jul 27 2009 - 11:27:17 CDT
[DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.

Source: MITRE
Type: CNA
CVE-2010-2062

Source: CONFIRM
Type: UNKNOWN
http://git.videolan.org/?p=vlc.git;a=commit;h=dc74600c97eb834c08674676e209afa842053aca

Source: CCN
Type: GIT Repository
Real pseudo-RTSP: prevent integer underflow

Source: MLIST
Type: UNKNOWN
[oss-security] 20100604 Re: CVE requests for mplayer/vlc and abcm2ps

Source: FULLDISC
Type: Exploit
20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.

Source: CCN
Type: SA36037
VLC Media Player "real_get_rdt_chunk()" Buffer Overflow

Source: CCN
Type: SA36041
MPlayer "real_get_rdt_chunk()" Buffer Overflow Vulnerability

Source: DEBIAN
Type: DSA-2043
vlc -- integer overflow

Source: DEBIAN
Type: DSA-2044
mplayer -- integer overflow

Source: CCN
Type: MPlayer Web site
Download

Source: CCN
Type: OSVDB ID: 56604
VLC Media Player modules/access/rtsp/real.c real_get_rdt_chunk() Function Overflow

Source: CCN
Type: OSVDB ID: 56605
MPlayer stream/realrtsp/real.c real_get_rdt_chunk() Function Overflow

Source: CCN
Type: BID-35821
MPlayer and VLC Player Real Data Transport Remote Integer Underflow Vulnerability

Source: CCN
Type: VideoLAN Web site
VLC media player - Overview

Source: MISC
Type: Exploit
https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/

Source: XF
Type: UNKNOWN
mplayer-vlcmediaplayer-realgetrdtchunk-bo(52064)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:*:*:*:*:*:*:*:* (Version <= 1.0.0)

    • Configuration CCN 1:
  • cpe:/a:mplayer:mplayer:1.0_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    videolan vlc media player 0.5.0
    videolan vlc media player 0.5.1
    videolan vlc media player 0.5.2
    videolan vlc media player 0.5.3
    videolan vlc media player 0.6.0
    videolan vlc media player 0.6.1
    videolan vlc media player 0.6.2
    videolan vlc media player 0.7.0
    videolan vlc media player 0.7.1
    videolan vlc media player 0.7.2
    videolan vlc media player 0.8.0
    videolan vlc media player 0.8.1
    videolan vlc media player 0.8.2
    videolan vlc media player 0.8.4
    videolan vlc media player 0.8.4a
    videolan vlc media player 0.8.5
    videolan vlc media player 0.8.6
    videolan vlc media player 0.8.6a
    videolan vlc media player 0.8.6b
    videolan vlc media player 0.8.6c
    videolan vlc media player 0.8.6d
    videolan vlc media player 0.8.6e
    videolan vlc media player 0.8.6f
    videolan vlc media player 0.8.6g
    videolan vlc media player 0.8.6h
    videolan vlc media player 0.8.6i
    videolan vlc media player 0.8.1337
    videolan vlc media player 0.9.0
    videolan vlc media player 0.9.1
    videolan vlc media player 0.9.2
    videolan vlc media player 0.9.3
    videolan vlc media player 0.9.4
    videolan vlc media player 0.9.5
    videolan vlc media player 0.9.6
    videolan vlc media player 0.9.8a
    videolan vlc media player 0.9.9
    videolan vlc media player 0.9.9a
    videolan vlc media player 0.9.10
    videolan vlc media player *
    mplayer mplayer 1.0_rc2
    videolan vlc media player 1.0.0
    debian debian linux 5.0