CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18278
https://notcve.org/view.php?id=CVE-2019-18278
23 Oct 2019 — When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. Al ejecutar el reproductor de medios VideoLAN VLC 3.0.8 con libqt en Windows, los datos de una dirección con errores controlan el flujo de código a partir de libqt_plugin! Vlc_entry_license__3_0_0f + 0x... • https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14438 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14438
21 Aug 2019 — A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. Una lectura excesiva del búfer en la región heap de la memoria en la función xiph_PackHeaders() en el archivo modules/demux/xiph.h en VideoLAN VLC media player versión 3.0.7.1, permite a atacantes remotos activar una lectura excesiva del búfer en la región heap de la memoria por medio de un archivo .ogg dise... • http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14970 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14970
21 Aug 2019 — A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. Una vulnerabilidad en la función mkv::event_thread_t en VideoLAN VLC media player versión 3.0.7.1, permite a atacantes remotos desencadenar un desbordamiento del búfer en la región heap de la memoria por medio de un archivo .mkv diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of arb... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14776 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14776
21 Aug 2019 — A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. Se presenta una lectura excesiva del búfer en la región heap de la memoria en la función DemuxInit() en el archivo demux/asf/asf.c en VideoLAN VLC media player versión 3.0.7.1 por medio de un archivo .mkv diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/str... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14778 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14778
21 Aug 2019 — The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. El método mkv::virtual_segment_c::seek del archivo demux/mkv/virtual_segment.cpp en VideoLAN VLC media player versión 3.0.7.1, presenta un uso de la memoria previamente liberada. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14437 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14437
21 Aug 2019 — The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. La función xiph_SplitHeaders en el archivo modules/demux/xiph.h en VideoLAN VLC media player versión 3.0.7.1, no comprueba los límites de la matriz apropiadamente. Como resultado, puede ser activada una lectura excesiva del búfer en la región heap de la memoria por medio de un archivo .ogg diseña... • http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14534 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14534
21 Aug 2019 — In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. En VideoLAN VLC Media Player versión 3.0.7.1, hay una desreferencia del puntero NULL en la función SeekPercent del archivo demux/asf/asf.c, lo que conllevará a un ataque de denegación de servicio. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a ma... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14777 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-14777
21 Aug 2019 — The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. La función Control del archivo demux/mkv/mkv.cpp en VideoLAN VLC media player versión 3.0.7.1, presenta un uso de la memoria previamente liberada. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14498 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14498
21 Aug 2019 — A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. Existe un error de división por cero en la función Control del archivo demux/caf.c en VideoLAN VLC media player versión 3.0.7.1. Como resultado, puede ser activado un FPE por medio de un archivo CAF diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of se... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14533 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-14533
21 Aug 2019 — The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. La función Control del archivo demux/asf/asf.c en VideoLAN VLC media player versión 3.0.7.1, presenta un uso de la memoria previamente liberada. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •