CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. It was discovered that VLC incorrectly handled memory when reading a MMS stream. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://www.videolan.org/security/sb-vlc3021.html • CWE-122: Heap-based Buffer Overflow

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 2

19 Feb 2024 — An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d. • https://packetstorm.news/files/id/177632 • CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Nov 2023 — A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2023 — VideoLAN VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting ... • https://0xariana.github.io/blog/real_bugs/vlc/mms • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Nov 2023 — VideoLAN VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length. • https://0xariana.github.io/blog/real_bugs/vlc/mms • CWE-191: Integer Underflow (Wrap or Wraparound)

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 May 2023 — VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. A vulnerability has been found in dav1d which could result in denial of service. Versions greater than or equal to 1.2.0 are affected. • https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

06 Dec 2022 — An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. • https://twitter.com/0xMitsurugi • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

26 Jul 2021 — A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the application. • https://github.com/DShankle/VLC_CVE-2021-25804_Analysis • CWE-476: NULL Pointer Dereference

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jul 2021 — A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. It was discovered that VLC could be made to read out of bounds when decoding image files. If a user we... • https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb • CWE-190: Integer Overflow or Wraparound

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jul 2021 — A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tric... • https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 • CWE-125: Out-of-bounds Read