CVSS: 6.8EPSS: 5%CPEs: 74EXPL: 0CVE-2011-2588
https://notcve.org/view.php?id=CVE-2011-2588
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file. Desbordamiento de búfer basado en memoria dinámica en la función AVI_ChunkRead_strf en libavi.c en el demulpiplexor AVI en el reproductor multimedia VideoLAN VLC anterior a v1.1.11 ,permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) o ejecutar código arbitrario a través de un fichero AVI manipulado. • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=9c14964bd11482d5c1d6c0e223440f9f1e5b1831 http://secunia.com/advisories/45066 http://www.securityfocus.com/bid/48664 http://www.videolan.org/security/sa1106.html https://exchange.xforce.ibmcloud.com/vulnerabilities/68532 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 115EXPL: 0CVE-2011-1931
https://notcve.org/view.php?id=CVE-2011-1931
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file. sp5xdec.c en el decodificador Sunplus SP5X JPEG en libavcodec en FFmpeg antes de v0.6.3 y libav hasta v0.6.2, tal y como se utiliza en VideoLAN VLC media player v1.1.9 y versiones anteriores y otros productos, realiza una operación de escritura fuera de los límites permitidos de un array no especificado, lo que permite a atacantes remotos causar una denegación de servicio (por corrupción de memoria) o posiblemente ejecutar código arbitrario a través de un archivo AMV mal formado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339 http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32 http://securityreason.com/securityalert/8299 http://www.securityfocus.com/archive/1/517706 http://www.securityfocus.com/bid/47602 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 70EXPL: 4CVE-2010-3275 – VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer
https://notcve.org/view.php?id=CVE-2010-3275
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." libdirectx_plugin.dll del reproductor multimedia VideoLAN VLC en versiones anteriores a la 1.1.8 permite a atacantes remotos ejecutar código de su elección a través de una anchura modificada de un fichero AMV. Relacionado con una vulnerabilidad de puntero no liberado. • https://www.exploit-db.com/exploits/17048 http://secunia.com/advisories/43826 http://securityreason.com/securityalert/8162 http://securitytracker.com/id?1025250 http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files http://www.debian.org/security/2011/dsa-2211 http://www.exploit-db.com/exploits/17048 http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv http://www.osvdb.org/71277 http://www.securityfocus.com/archive/1/517150/100/0/threaded http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 70EXPL: 1CVE-2010-3276
https://notcve.org/view.php?id=CVE-2010-3276
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. libdirectx_plugin.dll de VideoLAN VLC Media Player en versiones anteriores a v1.1.8 permite a atacantes remotos la ejecución de código arbitrario mediante la manipulación de la anchura en ficheros NSV • http://secunia.com/advisories/43826 http://securityreason.com/securityalert/8162 http://securitytracker.com/id?1025250 http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files http://www.debian.org/security/2011/dsa-2211 http://www.osvdb.org/71278 http://www.securityfocus.com/archive/1/517150/100/0/threaded http://www.securityfocus.com/bid/47012 http://www.videolan.org/vlc/releases/1.1.8.html http://www.vupen.com/english/advisories/2011/0759 https://excha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 69EXPL: 1CVE-2011-0531 – VideoLAN VLC Media Player 1.1.6 - 'MKV' Memory Corruption
https://notcve.org/view.php?id=CVE-2011-0531
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro. demux/mkv/mkv.hpp en el plugin MKV demuxer en VideoLAN VLC Media Player v1.1.6.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar comandos arbitrarios a través de un archivo MKV (Matroska o WebM) manipulado que realiza una corrupción de memoria, relacionado con "class mismatching" y la macro MKV_IS_ID. • https://www.exploit-db.com/exploits/16637 http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07 http://osvdb.org/70698 http://secunia.com/advisories/43131 http://secunia.com/advisories/43242 http://www.debian.org/security/2011/dsa-2159 http://www.openwall.com/lists/oss-security/2011/01/31/4 http://www.openwall.com/lists/oss-security/2011/01/31/8 http://www.securityfocus.com/bid/46060 http://www.securitytracker.com/id?1025018 http: • CWE-20: Improper Input Validation •