CVE-2016-5108 – VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-5108
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
• https://www.exploit-db.com/exploits/41025
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html
• http://www.debian.org/security/2016/dsa-3598
• http://www.securityfocus.com/bid/90924
• http://www.securitytracker.com/id/1036009
• http://www.videolan.org/security/sa1601.html
• https://security.gentoo.org/glsa/201701-39
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3941
https://notcve.org/view.php?id=CVE-2016-3941
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html
• http://www.securitytracker.com/id/1035456
• https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633
• https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5949
https://notcve.org/view.php?id=CVE-2015-5949
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html
• http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html
• http://www.debian.org/security/2015/dsa-3342
• http://www.openwall.com/lists/oss-security/2015/08/20/3
• http://www.openwall.com/lists/oss-security/2015/08/20/8
• http://www.securityfocus.com/archive/1/536287/100/0/threaded
• https://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9743
https://notcve.org/view.php?id=CVE-2014-9743
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
• http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b
• http://seclists.org/fulldisclosure/2014/Mar/324
• http://www.quantumleap.it/vlc-reflected-xss-vulnerability
• http://www.securityfocus.com/bid/66307
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9629
https://notcve.org/view.php?id=CVE-2014-9629
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
• http://openwall.com/lists/oss-security/2015/01/20/5
• https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
• https://www.videolan.org/security/sa1501.html
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')