Search for vulnerabilities
Vulnerability details: VCID-fvfu-dqez-aaam
Vulnerability ID VCID-fvfu-dqez-aaam
Aliases CVE-2007-0017
Summary Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Status Published
Exploitability 2.0
Weighted Severity 6.1
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-134 Use of Externally-Controlled Format String
System Score Found at
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.46385 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.55133 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.57124 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.88799 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.88799 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.88799 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.88799 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
epss 0.95095 https://api.first.org/data/v1/epss?cve=CVE-2007-0017
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-0017
Reference id Reference type URL
http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html
http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html
http://osvdb.org/31163
http://projects.info-pull.com/moab/MOAB-02-01-2007.html
https://api.first.org/data/v1/epss?cve=CVE-2007-0017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017
http://secunia.com/advisories/23592
http://secunia.com/advisories/23829
http://secunia.com/advisories/23910
http://secunia.com/advisories/23971
http://security.gentoo.org/glsa/glsa-200701-24.xml
http://securitytracker.com/id?1017464
https://exchange.xforce.ibmcloud.com/vulnerabilities/31226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313
http://trac.videolan.org/vlc/changeset/18481
http://www.debian.org/security/2007/dsa-1252
http://www.novell.com/linux/security/advisories/2007_13_xine.html
http://www.securityfocus.com/bid/21852
http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html
http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch
http://www.videolan.org/sa0701.html
http://www.vupen.com/english/advisories/2007/0026
405425 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405425
cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*
CVE-2007-0017 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/dos/3069.pl
CVE-2007-0017 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/local/3070.pl
CVE-2007-0017 https://nvd.nist.gov/vuln/detail/CVE-2007-0017
GLSA-200701-24 https://security.gentoo.org/glsa/200701-24
Data source Exploit-DB
Date added Jan. 1, 2007
Description VideoLAN VLC Media Player 0.8.6 (x86) - 'udp://' Format String
Ransomware campaign use Known
Source publication date Jan. 2, 2007
Exploit type local
Platform osx
Source update date Sept. 26, 2016
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-0017
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.97484
EPSS Score 0.46385
Published At May 18, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.