CVSS: 7.5EPSS: 12%CPEs: 33EXPL: 2CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. • https://www.exploit-db.com/exploits/27700 http://www.exploit-db.com/exploits/27700 http://www.osvdb.org/96603 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 39EXPL: 2CVE-2010-2062
https://notcve.org/view.php?id=CVE-2010-2062
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Desbordamiento de enteros en la función real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior a r29447, permite a atacantes remotos ejecutar código arbitrario a través del valor longitud modificado en la cabecera RDT • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca http://openwall.com/lists/oss-security/2010/06/04/4 http://seclists.org/fulldisclosure/2009/Jul/418 https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 5%CPEs: 8EXPL: 0CVE-2013-4388
https://notcve.org/view.php?id=CVE-2013-4388
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e http://secunia.com/advisories/59793 http://www.openwall.com/lists/oss-security/2013/10/01/2 http://www.securityfocus.com/bid/62724 http://www.securitytracker.com/id/1029120 http://www.videolan.org/developers/vlc-branch/NEWS https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 4%CPEs: 6EXPL: 1CVE-2013-1954
https://notcve.org/view.php?id=CVE-2013-1954
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero ASF especialmente diseñado que genera una lectura fuera de los límites. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e http://marc.info/?l=oss-security&m=136593191416152&w=2 http://marc.info/?l=oss-security&m=136610343501731&w=2 http://secunia.com/advisories/59793 http://trac.videolan.org/vlc/ticket/8024 http://www.osvdb.org/89598 http://www.securityfocus.com/bid/57333 http://www.videolan.org/security/sa1302.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 17%CPEs: 5EXPL: 1CVE-2013-1868 – VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-1868
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. Múltiples desbordamientos de búfer en VideoLAN VLC media player v2.0.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y ejecutar código arbitrario a través de vectores relacionados con el (1) procesador freetype y (2) el analizador (parser) de subtitulos HTML. • https://www.exploit-db.com/exploits/23201 http://marc.info/?l=oss-security&m=136367945627336&w=2 http://secunia.com/advisories/59793 http://www.securityfocus.com/bid/57079 http://www.videolan.org/security/sa1301.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •