CVE-2010-2062

EPSS 3.0%

vlc - arbitrary code execution

Published: 12/26/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2010-2062

Description

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.

Affected packages (4)

Debian/mplayerfrom 0, < 2:1.0~rc3+svn20100502-3
Debian/mplayerfrom 0, < 1.0~rc2-17+lenny3.2
Debian/vlcfrom 0, < 1.0.1-1
Debian/vlcfrom 0, < 0.8.6.h-4+lenny2.3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2062