CVSS: 9.8EPSS: 34%CPEs: 2EXPL: 1CVE-2013-6934 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-6934
23 Jan 2014 — The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2... • http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 12%CPEs: 33EXPL: 2CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
25 Oct 2013 — VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted exe... • https://www.exploit-db.com/exploits/27700 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 9%CPEs: 39EXPL: 2CVE-2010-2062 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-2062
25 Oct 2013 — Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Desbordamiento de enteros en la función real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2013-4388 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-4388
11 Oct 2013 — Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectore... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2012-5855 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2012-5855
10 Jul 2013 — The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction. La función SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podría permitir a los atacantes asisti... • http://marc.info/?l=oss-security&m=135274330022215&w=2 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 20%CPEs: 5EXPL: 1CVE-2013-1868 – VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-1868
10 Jul 2013 — Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. Múltiples desbordamientos de búfer en VideoLAN VLC media player v2.0.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y ejecutar código arbitrario a través de vectores relacionados con el (1) procesador freetype y (2) el analizador (pa... • https://www.exploit-db.com/exploits/23201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2013-1954 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-1954
10 Jul 2013 — The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero ASF especialmente diseñado que genera ... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 1CVE-2013-3245 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-3245
10 Jul 2013 — plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer ove... • http://seclists.org/fulldisclosure/2013/Jul/71 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 5%CPEs: 34EXPL: 0CVE-2012-0023 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2012-0023
30 Oct 2012 — Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. Vulnerabilidad de doble liberación en la función get_chunk_header en modules/demux/ty.c en VideoLAN VLC media player v0.9.0 hasta v1.1.12 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar cód... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 60%CPEs: 1EXPL: 2CVE-2012-5470 – VideoLAN VLC Media Player 2.0.3 - '.png' ReadAV Crash (PoC)
https://notcve.org/view.php?id=CVE-2012-5470
26 Oct 2012 — libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. libpng_plugin en VideoLAN VLC media player v2.0.3 permite a atacantes remotos a provocar una denegación de servicio (caída de la aplicación) a través de un fichero PNG manipulado. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected. • https://www.exploit-db.com/exploits/21889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •