
CVE-2019-14535 – Debian Security Advisory 4504-1
https://notcve.org/view.php?id=CVE-2019-14535
21 Aug 2019 — A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. Multiple security issues were discovered in the VLC media player, which could result in the execution of... • http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 • CWE-369: Divide By Zero

CVE-2019-5460
https://notcve.org/view.php?id=CVE-2019-5460
30 Jul 2019 — Double Free in VLC versions <= 3.0.6 leads to a crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-415: Double Free

CVE-2019-5459
https://notcve.org/view.php?id=CVE-2019-5459
30 Jul 2019 — An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-191: Integer Underflow (Wrap or Wraparound)

CVE-2019-13962 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-13962
18 Jul 2019 — lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into ope... • http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 • CWE-125: Out-of-bounds Read

CVE-2019-13615 – Ubuntu Security Notice USN-4073-1
https://notcve.org/view.php?id=CVE-2019-13615
16 Jul 2019 — libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. It was discovered that libEBML incorrectly handled certain media files. If a user were... • http://www.securityfocus.com/bid/109304 • CWE-125: Out-of-bounds Read

CVE-2019-13602 – Ubuntu Security Notice USN-4074-1
https://notcve.org/view.php?id=CVE-2019-13602
14 Jul 2019 — An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write

CVE-2019-12874 – Ubuntu Security Notice USN-4074-1
https://notcve.org/view.php?id=CVE-2019-12874
18 Jun 2019 — An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. It was discovered that the VLC CAF demuxer incorrectl... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102 • CWE-415: Double Free

CVE-2019-5439 – Ubuntu Security Notice USN-4074-1
https://notcve.org/view.php?id=CVE-2019-5439
13 Jun 2019 — A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. It was discovered that the VLC CAF demuxer incorrectly handled certain files. If a user were tricked into opening a specially-crafted CAF file, a remote attacker could use this issue t... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-19857 – Ubuntu Security Notice USN-4074-1
https://notcve.org/view.php?id=CVE-2018-19857
05 Dec 2018 — The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-824: Access of Uninitialized Pointer

CVE-2018-11529 – VLC Media Player - MKV Use-After-Free
https://notcve.org/view.php?id=CVE-2018-11529
10 Jul 2018 — VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. • https://packetstorm.news/files/id/149759 • CWE-416: Use After Free