
CVE-2020-13428 – Ubuntu Security Notice USN-6180-1
https://notcve.org/view.php?id=CVE-2020-13428
08 Jun 2020 — A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. • http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0 • CWE-787: Out-of-bounds Write •

CVE-2019-19721 – Ubuntu Security Notice USN-6180-1
https://notcve.org/view.php?id=CVE-2019-19721
15 May 2020 — An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. • http://hg.libsdl.org/SDL_image • CWE-193: Off-by-one Error • CWE-787: Out-of-bounds Write •

CVE-2013-3564
https://notcve.org/view.php?id=CVE-2013-3564
06 Feb 2020 — The web interface in VideoLAN VLC media player before 2.0.7 has no access control, which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. • https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2013-3565
https://notcve.org/view.php?id=CVE-2013-3565
31 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. • http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-9625
https://notcve.org/view.php?id=CVE-2014-9625
24 Jan 2020 — The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. • http://openwall.com/lists/oss-security/2015/01/20/5 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2019-18278
https://notcve.org/view.php?id=CVE-2019-18278
23 Oct 2019 — When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. • https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html •

CVE-2019-14776 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14776
21 Aug 2019 — A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/str... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-125: Out-of-bounds Read •

CVE-2019-14777 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-14777
21 Aug 2019 — The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •

CVE-2019-14778 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14778
21 Aug 2019 — The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •

CVE-2019-14970 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14970
21 Aug 2019 — A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. Multiple security issues were discovered in the VLC media player, which could result in the execution of arb... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-787: Out-of-bounds Write •