CVSS: 6.2EPSS: 13%CPEs: 37EXPL: 4CVE-2014-1684 – VideoLAN VLC Media Player 2.1.2 - '.asf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2014-1684
06 Feb 2014 — The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file. La función ASF_ReadObject_file_properties en modules/demux/asf/libasf.c en el Demuxer ASF en VideoLAN VLC Media Player anterior a 2.1.3 permite a atacantes remotos causar una denegación de servicio (error de división por cero y... • https://packetstorm.news/files/id/125080 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2013-6934 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-6934
23 Jan 2014 — The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2... • http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 10%CPEs: 33EXPL: 2CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
25 Oct 2013 — VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted exe... • https://www.exploit-db.com/exploits/27700 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2013-4388 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-4388
11 Oct 2013 — Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectore... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2013-3245 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-3245
10 Jul 2013 — plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer ove... • http://seclists.org/fulldisclosure/2013/Jul/71 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •