Page 15 of 95 results (0.030 seconds)

CVSS: 9.3EPSS: 4%CPEs: 67EXPL: 0

Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video. Múltiples desbordamientos de búfer de la memoria dinámica en cdg.c del descodificador CDG para VideoLAN VLC Media Player anterior a v1.1.6 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un vídeo CDG manipulado • http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2 http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab http://openwall.com/lists/oss-security/2011/01/19/6 http://openwall.com/lists/oss-security/2011/01/20/3 http://www.securityfocus.com/bid/45927 http://www.vupen.com/english/advisories/2011/0185 https://exchange.xforce.ibmcloud.com/vulnerabilities/64879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 5%CPEs: 67EXPL: 0

Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow. Múltiples desbordamientos de entero en real.c en el complemento Real demuxer en VideoLAN VLC Media Player anterior a v1.1.6 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un valor cero i_subpackets en un archivo de Real Media, que conduce a un desbordamiento de búfer basado en montón .. • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55 http://www.cs.brown.edu/people/drosenbe/research.html http://www.securityfocus.com/bid/45632 http://www.videolan.org/security/sa1007.html http://www.vupen.com/english/advisories/2010/3345 https://exchange.xforce.ibmcloud.com/vulnerabilities/64461 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 51%CPEs: 65EXPL: 2

Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file. Vulnerabilidad de ruta de búsqueda no confiable en bin/winvlc.c de VLC Media Player v1.1.3 y anteriores permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de DLL, a través de un troyano wintab32.dll que está ubicado en la misma carpeta que un fichero .mp3. • https://www.exploit-db.com/exploits/14750 http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6 http://secunia.com/advisories/41107 http://www.exploit-db.com/exploits/14750 http://www.openwall.com/lists/oss-security/2010/08/25/10 http://www.openwall.com/lists/oss-security/2010/08/25/9 http://www.vupen.com/english/advis •

CVSS: 5.0EPSS: 2%CPEs: 22EXPL: 0

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. La función ReadMetaFromId3v2 en taglib.cpp en el plugin TagLib en VideoLAN VLC media player v0.9.0 hasta v1.1.2 no procesa adecuadamente las etiquetas ID3v2, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo media manipulado. • http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516 http://www.securityfocus.com/bid/42386 http://www.videolan.org/security/sa1004.html http://www.vupen.com/english/advisories/2010/2087 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 3

Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field. Desbordamiento de búfer basado en pila en VideoLAN VLC Media Player 0.8.6 permite a atacantes remotos asistidos por el usuario, ejecutar código de su elección mediante un fichero ogg con un fichero Advanced SubStation Alpha Subtitle (.ass) manipulado, probablemente en relación con el campo Dialogue. • https://www.exploit-db.com/exploits/11174 http://www.exploit-db.com/exploits/11174 http://www.securityfocus.com/bid/37832 https://exchange.xforce.ibmcloud.com/vulnerabilities/55717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •