CVE-2012-5855

The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC.  NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
videolanvlc_media_player
𝑥
≤ 2.0.4
videolanvlc_media_player
2.0.0
videolanvlc_media_player
2.0.1
videolanvlc_media_player
2.0.2
videolanvlc_media_player
2.0.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vlc
bullseye (security)
3.0.21-0+deb11u1
fixed
bullseye
3.0.21-0+deb11u1
fixed
bookworm
3.0.21-0+deb12u1
fixed
bookworm (security)
3.0.21-0+deb12u1
fixed
sid
3.0.21-2
fixed
trixie
3.0.21-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vlc
utopic
ignored
trusty
ignored
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://marc.info/?l=oss-security&m=135274330022215&w=2
http://www.securityfocus.com/archive/1/524626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781
http://marc.info/?l=oss-security&m=135274330022215&w=2
http://www.securityfocus.com/archive/1/524626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781