Page 12 of 86 results (0.010 seconds)

CVSS: 6.8EPSS: 9%CPEs: 17EXPL: 0

Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file. Un desbordamiento de búfer en la región heap de la memoria en la función MP4_ReadBox_skcr en la biblioteca libmp4.c en el demultiplexor MP4 en el reproductor multimedia VLC de VideoLAN versiones 1.x anterior a 1.1.9, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de un archivo MP4. • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821 http://openwall.com/lists/oss-security/2011/04/11/17 http://openwall.com/lists/oss-security/2011/04/13/14 http://openwall.com/lists/oss-security/2011/04/13/17 http://secunia.com/advisories/43890 http://secunia.com/advisories/44022 http://securitytracker.com/id?1025373 http://www.debian.org/security/2011/dsa-2218 http://www.securityfocus.com/bid/47293 http://www.videolan.org/se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 3%CPEs: 1EXPL: 2

Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation. Desbordamiento de búfer en VideoLAN VLC media player v1.0.5 permite provocar, a atacantes remotos asistidos por un usuario local, una denegación de servicio (por corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de un archivo mp3 debidamente modificado que se reproduce durante la creación de un marcador. • http://openwall.com/lists/oss-security/2011/03/02/3 http://openwall.com/lists/oss-security/2011/03/03/8 http://openwall.com/lists/oss-security/2011/03/03/9 http://openwall.com/lists/oss-security/2011/03/28/7 http://secunia.com/advisories/38853 http://www.osvdb.org/62728 http://www.securityfocus.com/bid/38569 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 94%CPEs: 70EXPL: 4

libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." libdirectx_plugin.dll del reproductor multimedia VideoLAN VLC en versiones anteriores a la 1.1.8 permite a atacantes remotos ejecutar código de su elección a través de una anchura modificada de un fichero AMV. Relacionado con una vulnerabilidad de puntero no liberado. • https://www.exploit-db.com/exploits/17048 http://secunia.com/advisories/43826 http://securityreason.com/securityalert/8162 http://securitytracker.com/id?1025250 http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files http://www.debian.org/security/2011/dsa-2211 http://www.exploit-db.com/exploits/17048 http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv http://www.osvdb.org/71277 http://www.securityfocus.com/archive/1/517150/100/0/threaded http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 8%CPEs: 70EXPL: 1

libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. libdirectx_plugin.dll de VideoLAN VLC Media Player en versiones anteriores a v1.1.8 permite a atacantes remotos la ejecución de código arbitrario mediante la manipulación de la anchura en ficheros NSV • http://secunia.com/advisories/43826 http://securityreason.com/securityalert/8162 http://securitytracker.com/id?1025250 http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files http://www.debian.org/security/2011/dsa-2211 http://www.osvdb.org/71278 http://www.securityfocus.com/archive/1/517150/100/0/threaded http://www.securityfocus.com/bid/47012 http://www.videolan.org/vlc/releases/1.1.8.html http://www.vupen.com/english/advisories/2011/0759 https://excha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 78%CPEs: 7EXPL: 3

The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv. La función StripTags en (1) el decodificador USF (modules/codec/subtitles/subsdec.c) y (2) el decodificador de texto (modules/codec/subtitles/subsusf.c) en VideoLAN VLC Media Player 1.1 antes de v1.1.6- rc permite a atacantes remotos ejecutar código arbitrario a través de un subtítulo con una abertura "<" sin cierre ">" en un fichero MKV, que provoca daños en la memoria dinámica, como lo demuestra el uso refined-australia-blu720p-sample.mkv. VLC Media Player suffers from a subtitle StripTags() function memory corruption vulnerability. • https://www.exploit-db.com/exploits/16108 http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452 http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html http://securityreason.com/securityalert/8064 http://www.exploit-db.com/exploits/16108 http://www.openwall.com/lists/oss-security/2011/01/25/7 http://www.openwall.com/lists/oss-security/2011/01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •