CVE-2008-2147
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
12/05/2008
Last modified:
09/04/2025
Description
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:* | 0.8.6 (including) | |
| cpe:2.3:a:videolan:vlc:0.4.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.5.1a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc:0.8.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.videolan.org/?p=vlc.git%3Ba%3Dcommit%3Bh%3Dc7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
- http://secunia.com/advisories/31317
- http://security.gentoo.org/glsa/glsa-200807-13.xml
- http://trac.videolan.org/vlc/ticket/1578
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42377
- http://git.videolan.org/?p=vlc.git%3Ba%3Dcommit%3Bh%3Dc7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
- http://secunia.com/advisories/31317
- http://security.gentoo.org/glsa/glsa-200807-13.xml
- http://trac.videolan.org/vlc/ticket/1578
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42377