CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14498 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14498
21 Aug 2019 — A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. Existe un error de división por cero en la función Control del archivo demux/caf.c en VideoLAN VLC media player versión 3.0.7.1. Como resultado, puede ser activado un FPE por medio de un archivo CAF diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of se... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14533 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-14533
21 Aug 2019 — The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. La función Control del archivo demux/asf/asf.c en VideoLAN VLC media player versión 3.0.7.1, presenta un uso de la memoria previamente liberada. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14535 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14535
21 Aug 2019 — A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. Se presenta un error de división por cero en la función SeekIndex del archivo demux/asf/asf.c en VideoLAN VLC media player versión 3.0.7.1. Como resultado, puede ser activado un FPE por medio de un archivo WMV especialmente diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14776 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14776
21 Aug 2019 — A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. Se presenta una lectura excesiva del búfer en la región heap de la memoria en la función DemuxInit() en el archivo demux/asf/asf.c en VideoLAN VLC media player versión 3.0.7.1 por medio de un archivo .mkv diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/str... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14777 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-14777
21 Aug 2019 — The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. La función Control del archivo demux/mkv/mkv.cpp en VideoLAN VLC media player versión 3.0.7.1, presenta un uso de la memoria previamente liberada. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14778 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14778
21 Aug 2019 — The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. El método mkv::virtual_segment_c::seek del archivo demux/mkv/virtual_segment.cpp en VideoLAN VLC media player versión 3.0.7.1, presenta un uso de la memoria previamente liberada. Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed. • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14970 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14970
21 Aug 2019 — A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. Una vulnerabilidad en la función mkv::event_thread_t en VideoLAN VLC media player versión 3.0.7.1, permite a atacantes remotos desencadenar un desbordamiento del búfer en la región heap de la memoria por medio de un archivo .mkv diseñado. Multiple security issues were discovered in the VLC media player, which could result in the execution of arb... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-13602 – Ubuntu Security Notice USN-4074-1
https://notcve.org/view.php?id=CVE-2019-13602
14 Jul 2019 — An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. Un desbordamiento inferior de enteros en MP4_EIA608_Convert() en modules/demux/mp4/mp4.c en VideoLAN VLC media player hasta la versión 3.0.7.1 permitiría un atacante remoto causar una denegación de servicio (desbordamiento de buffer bas... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •