CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13615
https://notcve.org/view.php?id=CVE-2019-13615
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. libebml en versiones anteriores a la 1.3.6, tal como se usa en el módulo MKV en los binarios de VideoLAN VLC Media Player en versiones anteriores a la 3.0.3, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en EbmlElement :: FindNextElement. • http://www.securityfocus.com/bid/109304 https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0 https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6 https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6 https://trac.videolan.org/vlc/ticket/22474 https://usn.ubuntu.com/4073-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-13602
https://notcve.org/view.php?id=CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. Un desbordamiento inferior de enteros en MP4_EIA608_Convert() en modules/demux/mp4/mp4.c en VideoLAN VLC media player hasta la versión 3.0.7.1 permitiría un atacante remoto causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica y caída) o posiblemente tener otro impacto no especificado mediante un archivo .mp4 especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html http://www.securityfocus.com/bid/109158 https://git.vi • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2019-12874
https://notcve.org/view.php?id=CVE-2019-12874
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. Se descubrió un problema en zlib_decompress_extra en módulos / demux / mkv / util.cpp en el reproductor de medios VideoLAN VLC 3.x a 3.0.7. El demuxer de Matroska, mientras analiza un tipo de archivo MKV con formato incorrecto, tiene un doble libre. • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://www.securityfocus.com/bid/108882 https://security.gentoo.org/glsa/201908-23 https://usn.ubuntu.com/4074-1 • CWE-415: Double Free •
CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 0CVE-2019-5439
https://notcve.org/view.php?id=CVE-2019-5439
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. Una desbordamiento en el buffer en VLC Media Player Player < 3.0.7 causa un bloqueo el cual, puede ser posiblemente más desarrollado hacia una explotación en la ejecución del código remoto • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html http://www.securityfocus.com/bid/108769 https://hackerone.com/reports/484398 https://security.gentoo.org/glsa/201908-23 https://usn.ubuntu.com/4074-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-11516
https://notcve.org/view.php?id=CVE-2018-11516
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. PI Coresight 2016 R2 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) que podría permitir el acceso al sistema PI. OSIsoft recomienda que los usuarios actualicen a PI Vision 2017 o siguientes para mitigar esta vulnerabilidad. • http://code610.blogspot.com/2018/05/make-free-vlc.html http://www.securityfocus.com/bid/104293 http://www.securitytracker.com/id/1041312 http://www.videolan.org/security/sa1801.html • CWE-416: Use After Free •