CVSS: 9.8EPSS: 34%CPEs: 2EXPL: 1CVE-2013-6934 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-6934
23 Jan 2014 — The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2... • http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 12%CPEs: 33EXPL: 2CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
25 Oct 2013 — VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted exe... • https://www.exploit-db.com/exploits/27700 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 9%CPEs: 39EXPL: 2CVE-2010-2062 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-2062
25 Oct 2013 — Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Desbordamiento de enteros en la función real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2013-4388 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-4388
11 Oct 2013 — Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectore... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2012-5855 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2012-5855
10 Jul 2013 — The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction. La función SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podría permitir a los atacantes asisti... • http://marc.info/?l=oss-security&m=135274330022215&w=2 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 20%CPEs: 5EXPL: 1CVE-2013-1868 – VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-1868
10 Jul 2013 — Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. Múltiples desbordamientos de búfer en VideoLAN VLC media player v2.0.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y ejecutar código arbitrario a través de vectores relacionados con el (1) procesador freetype y (2) el analizador (pa... • https://www.exploit-db.com/exploits/23201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2013-1954 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-1954
10 Jul 2013 — The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero ASF especialmente diseñado que genera ... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 99EXPL: 0CVE-2012-3377 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2012-3377
12 Jul 2012 — Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file. Un desbordamiento de búfer basado en memoria dinámica en la función Ogg_DecodePacket en el demuxer OGG (modules/demux/ogg.c) en VideoLAN VLC media player antes de v2.0.2 permite a atacantes remotos causar una denegación de servicio (por... • http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commitdiff%3Bh=16e9e126333fb7acb47d363366fee3deadc8331e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 107EXPL: 2CVE-2012-1775 – VideoLAN VLC Media Player 2.0.0 - Mms Stream Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-1775
19 Mar 2012 — Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream. Un desbordamiento de búfer Basado en pila en VideoLAN VLC media player antes de v2.0.1 permite a atacantes remotos ejecutar código de su elección a través de un stream MMS:// modificado a mano. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected. • https://www.exploit-db.com/exploits/18825 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 107EXPL: 0CVE-2012-1776 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2012-1776
19 Mar 2012 — Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream. Múltiples desbordamientos de buffer de memoria dinámica en el reproductor multimedia VideoLAN VLC anteriores a 2.0.1. Permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un stream Real RTSP modificado. ... • http://osvdb.org/80189 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •