Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ra3c-5cmg-3kbc
Vulnerability ID VCID-ra3c-5cmg-3kbc
Aliases CVE-2007-0017
Summary Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.51215 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2007-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017
405425 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405425
CVE-2007-0017 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/dos/3069.pl
CVE-2007-0017 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/local/3070.pl
GLSA-200701-24 https://security.gentoo.org/glsa/200701-24
Data source Exploit-DB
Date added Jan. 1, 2007
Description VideoLAN VLC Media Player 0.8.6 (x86) - 'udp://' Format String
Ransomware campaign use Known
Source publication date Jan. 2, 2007
Exploit type local
Platform osx
Source update date Sept. 26, 2016
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.97924
EPSS Score 0.51215
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:40:46.045944+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0