CVSS: 9.3EPSS: 95%CPEs: 107EXPL: 2CVE-2012-1775 – VideoLAN VLC Media Player 2.0.0 - Mms Stream Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-1775
19 Mar 2012 — Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream. Un desbordamiento de búfer Basado en pila en VideoLAN VLC media player antes de v2.0.1 permite a atacantes remotos ejecutar código de su elección a través de un stream MMS:// modificado a mano. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected. • https://www.exploit-db.com/exploits/18825 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 107EXPL: 0CVE-2012-1776 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2012-1776
19 Mar 2012 — Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream. Múltiples desbordamientos de buffer de memoria dinámica en el reproductor multimedia VideoLAN VLC anteriores a 2.0.1. Permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un stream Real RTSP modificado. ... • http://osvdb.org/80189 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 40EXPL: 1CVE-2011-2194 – VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2194
24 Jun 2011 — Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. Vulnerabilidad de desbordamiento de entero en el analizador de lista de reproducción XSPF de VLC v0.8.5 a v1.1.9 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario a través de ... • https://www.exploit-db.com/exploits/17372 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 0%CPEs: 36EXPL: 2CVE-2008-5032 – VideoLAN VLC Media Player < 0.9.6 - 'CUE' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-5032
10 Nov 2008 — Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. Un desbordamiento de búfer en la región stack de la memoria en el reproductor multimedia VideoLAN VLC versiones 0.5.0 hasta 0.9.5, podría permitir... • https://www.exploit-db.com/exploits/9686 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2147
https://notcve.org/view.php?id=CVE-2008-2147
12 May 2008 — Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. Vulnerabilidad de búsqueda en ruta no confiable en VideoLAN VLC anterior a 0.9.0 permite a usuarios locales ejecutar código de su elección a través de una librería bajo los subdirectorios modules/ o plugins/ del directorio actual. • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 60EXPL: 1CVE-2008-1769 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1769
24 Apr 2008 — VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. VLC versions anteriores a la 0.8.6f, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un Cinepak manipulado que dispara un acceso a array fuera de límite y una corrupción de memoria. • https://www.exploit-db.com/exploits/5498 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 60EXPL: 0CVE-2008-1768
https://notcve.org/view.php?id=CVE-2008-1768
24 Apr 2008 — Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. Múltiples desbordamientos de enteros en VLC anterior a 0.8.6f, permite a atacantes remotos provocar una denegación de servicio (caída) a través del demultiplexador (1) MP4, (2) Real y (3) el codec Cinepak, que inicia el desbordamiento de búfer. • http://secunia.com/advisories/29503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-6684
https://notcve.org/view.php?id=CVE-2007-6684
17 Jan 2008 — The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. El módulo RTSP de VideoLAN VLC 0.8.6d permite a atacantes remotos provocar una denegación de servicio (caída) mediante una petición sin el parámetro Transfer, lo cual provoca una referencia a un puntero nulo. • http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 29%CPEs: 1EXPL: 2CVE-2007-6681 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6681
17 Jan 2008 — Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. Desbordamiento de búfer basado en pila en modules/demux/subtitle.c de VideoLAN VLC 0.8.6d permite a atacantes remotos ejecutar código de su elección mediante un subtítulo largo en un fichero (1) MicroDvd, (2) SSA, y (3) Vplayer. • https://www.exploit-db.com/exploits/5498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6683
https://notcve.org/view.php?id=CVE-2007-6683
17 Jan 2008 — The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. La extensión de navegación de VideoLAN VLC 0.8.6d permite a atacantes remotos sobrescribir ficheros de su elección mediante (1) la opción :demuxdump-file en un nombre de fichero de una lista de reproducción, o (2) una sentencia EXTVLCOPT en un fichero MP3, posib... • http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html •