CVE-2007-6683

Publication date 17 January 2008

Last updated 24 July 2024

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vlc	9.10 karmic	Fixed 0.8.6e-0ubuntu1
	9.04 jaunty	Fixed 0.8.6e-0ubuntu1
	8.10 intrepid	Fixed 0.8.6e-0ubuntu1
	8.04 LTS hardy	Fixed 0.8.6e-0ubuntu1
	7.10 gutsy	Ignored
	7.04 feisty	Ignored
	6.10 edgy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6683