CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5460
https://notcve.org/view.php?id=CVE-2019-5460
Double Free in VLC versions <= 3.0.6 leads to a crash. Una vulnerabilidad de Doble Liberación en VLC versiones anteriores a 3.0.6 (incluida), conlleva a un bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html https://hackerone.com/reports/503208 • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5459
https://notcve.org/view.php?id=CVE-2019-5459
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Un desbordamiento de enteros de VLC Media Player versiones anteriores a 3.0.7, conlleva a una lectura fuera de banda. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html https://hackerone.com/reports/502816 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-13962
https://notcve.org/view.php?id=CVE-2019-13962
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. lavc_CopyPicture en modules / codec / avcodec / video.c en el reproductor de medios VideoLAN VLC a través de 3.0.7 tiene una lectura en exceso del búfer basado en el montón porque no valida correctamente el ancho y la altura. • http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html http://lists.opensuse.org/opensuse-sec • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13615
https://notcve.org/view.php?id=CVE-2019-13615
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. libebml en versiones anteriores a la 1.3.6, tal como se usa en el módulo MKV en los binarios de VideoLAN VLC Media Player en versiones anteriores a la 3.0.3, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en EbmlElement :: FindNextElement. • http://www.securityfocus.com/bid/109304 https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0 https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6 https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6 https://trac.videolan.org/vlc/ticket/22474 https://usn.ubuntu.com/4073-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-13602
https://notcve.org/view.php?id=CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. Un desbordamiento inferior de enteros en MP4_EIA608_Convert() en modules/demux/mp4/mp4.c en VideoLAN VLC media player hasta la versión 3.0.7.1 permitiría un atacante remoto causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica y caída) o posiblemente tener otro impacto no especificado mediante un archivo .mp4 especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html http://www.securityfocus.com/bid/109158 https://git.vi • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •