Search for vulnerabilities
Vulnerability details: VCID-fj93-wnwg-1kde
Vulnerability ID VCID-fj93-wnwg-1kde
Aliases CVE-2013-3245
Summary plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow
Status Published
Exploitability 0.5
Weighted Severity 5.7
Risk 2.9
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
epss 0.01865 https://api.first.org/data/v1/epss?cve=CVE-2013-3245
cvssv3.1 6.3 http://seclists.org/fulldisclosure/2013/Jul/71
ssvc Track http://seclists.org/fulldisclosure/2013/Jul/71
cvssv3.1 6.3 http://seclists.org/fulldisclosure/2013/Jul/77
ssvc Track http://seclists.org/fulldisclosure/2013/Jul/77
cvssv3.1 6.3 http://seclists.org/fulldisclosure/2013/Jul/79
ssvc Track http://seclists.org/fulldisclosure/2013/Jul/79
cvssv3.1 6.3 http://secunia.com/advisories/52956
ssvc Track http://secunia.com/advisories/52956
cvssv3.1 6.3 http://secunia.com/blog/372/
ssvc Track http://secunia.com/blog/372/
cvssv3.1 6.3 http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
ssvc Track http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
cvssv3.1 6.3 http://www.securityfocus.com/bid/61032
ssvc Track http://www.securityfocus.com/bid/61032
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2013-3245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3245
372 http://secunia.com/blog/372/
52956 http://secunia.com/advisories/52956
61032 http://www.securityfocus.com/bid/61032
71 http://seclists.org/fulldisclosure/2013/Jul/71
77 http://seclists.org/fulldisclosure/2013/Jul/77
79 http://seclists.org/fulldisclosure/2013/Jul/79
More-lies-from-Secunia http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://seclists.org/fulldisclosure/2013/Jul/71
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://seclists.org/fulldisclosure/2013/Jul/71
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://seclists.org/fulldisclosure/2013/Jul/77
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://seclists.org/fulldisclosure/2013/Jul/77
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://seclists.org/fulldisclosure/2013/Jul/79
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://seclists.org/fulldisclosure/2013/Jul/79
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://secunia.com/advisories/52956
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://secunia.com/advisories/52956
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://secunia.com/blog/372/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://secunia.com/blog/372/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at http://www.securityfocus.com/bid/61032
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:20:26Z/ Found at http://www.securityfocus.com/bid/61032
Exploit Prediction Scoring System (EPSS)
Percentile 0.82297
EPSS Score 0.01865
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:17:46.116033+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2013/3xxx/CVE-2013-3245.json 37.0.0