CVSS: 7.8EPSS: 4%CPEs: 40EXPL: 0CVE-2011-3623 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2011-3623
05 Nov 2014 — Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c. Desbordamiento de buffer basado en memoria dinámica en el reproductor m... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=861e374d03e6c60c7d3c98428c632fe3b9e371b2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 9%CPEs: 1EXPL: 4CVE-2014-3441 – VideoLAN VLC Media Player 2.1.3 - '.wav' File Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3441
09 May 2014 — codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. codec\libpng_plugin.dll en VideoLAN VLC Media Player 2.1.3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un archivo .png manipulado, tal y como fue demostrado por un png en un archivo .wave. VLC Player version 2.1.3 suffers from a memory corruption vulnerability. • https://packetstorm.news/files/id/126564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 105EXPL: 0CVE-2013-7340
https://notcve.org/view.php?id=CVE-2013-7340
20 Mar 2014 — VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file. VideoLAN VLC Media Player anterior a 2.0.7 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un archivo de lista de reproducción manipulado. • http://www.videolan.org/developers/vlc-branch/NEWS • CWE-399: Resource Management Errors •
CVSS: 6.2EPSS: 13%CPEs: 37EXPL: 4CVE-2014-1684 – VideoLAN VLC Media Player 2.1.2 - '.asf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2014-1684
06 Feb 2014 — The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file. La función ASF_ReadObject_file_properties en modules/demux/asf/libasf.c en el Demuxer ASF en VideoLAN VLC Media Player anterior a 2.1.3 permite a atacantes remotos causar una denegación de servicio (error de división por cero y... • https://packetstorm.news/files/id/125080 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2013-6934 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-6934
23 Jan 2014 — The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2... • http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 10%CPEs: 33EXPL: 2CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
25 Oct 2013 — VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted exe... • https://www.exploit-db.com/exploits/27700 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 5%CPEs: 39EXPL: 2CVE-2010-2062 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-2062
25 Oct 2013 — Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Desbordamiento de enteros en la función real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2013-4388 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-4388
11 Oct 2013 — Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectore... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 50%CPEs: 5EXPL: 1CVE-2013-1868 – VideoLAN VLC Media Player 2.0.4 - '.swf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-1868
10 Jul 2013 — Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. Múltiples desbordamientos de búfer en VideoLAN VLC media player v2.0.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y ejecutar código arbitrario a través de vectores relacionados con el (1) procesador freetype y (2) el analizador (pa... • https://www.exploit-db.com/exploits/23201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2013-1954 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2013-1954
10 Jul 2013 — The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero ASF especialmente diseñado que genera ... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •