CVE-2011-2194 – VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
References:
• https://www.exploit-db.com/exploits/17372
• http://secunia.com/advisories/44892
• http://www.debian.org/security/2011/dsa-2257
• http://www.securityfocus.com/bid/48171
• http://www.videolan.org/security/sa1104.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774
CWE-189: Numeric Errors
CVE-2011-1684
https://notcve.org/view.php?id=CVE-2011-1684
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
References:
• http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821
• http://openwall.com/lists/oss-security/2011/04/11/17
• http://openwall.com/lists/oss-security/2011/04/13/14
• http://openwall.com/lists/oss-security/2011/04/13/17
• http://secunia.com/advisories/43890
• http://secunia.com/advisories/44022
• http://securitytracker.com/id?1025373
• http://www.debian.org/security/2011/dsa-2218
• http://www.securityfocus.com/bid/47293
• http://www.videolan.org/se
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1087
https://notcve.org/view.php?id=CVE-2011-1087
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
References:
• http://openwall.com/lists/oss-security/2011/03/02/3
• http://openwall.com/lists/oss-security/2011/03/03/8
• http://openwall.com/lists/oss-security/2011/03/03/9
• http://openwall.com/lists/oss-security/2011/03/28/7
• http://secunia.com/advisories/38853
• http://www.osvdb.org/62728
• http://www.securityfocus.com/bid/38569
• http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3275 – VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer
https://notcve.org/view.php?id=CVE-2010-3275
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
References:
• https://www.exploit-db.com/exploits/17048
• http://secunia.com/advisories/43826
• http://securityreason.com/securityalert/8162
• http://securitytracker.com/id?1025250
• http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files
• http://www.debian.org/security/2011/dsa-2211
• http://www.exploit-db.com/exploits/17048
• http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv
• http://www.osvdb.org/71277
• http://www.securityfocus.com/archive/1/517150/100/0/threaded
• http:/
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3276
https://notcve.org/view.php?id=CVE-2010-3276
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
References:
• http://secunia.com/advisories/43826
• http://securityreason.com/securityalert/8162
• http://securitytracker.com/id?1025250
• http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files
• http://www.debian.org/security/2011/dsa-2211
• http://www.osvdb.org/71278
• http://www.securityfocus.com/archive/1/517150/100/0/threaded
• http://www.securityfocus.com/bid/47012
• http://www.videolan.org/vlc/releases/1.1.8.html
• http://www.vupen.com/english/advisories/2011/0759
• https://excha
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer