CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 2CVE-2011-1087 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2011-1087
03 May 2011 — Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation. Desbordamiento de búfer en VideoLAN VLC media player v1.0.5 permite provocar, a atacantes remotos asistidos por un usuario local, una denegación de servicio (por corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrari... • http://openwall.com/lists/oss-security/2011/03/02/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 70EXPL: 1CVE-2010-3276 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-3276
28 Mar 2011 — libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. libdirectx_plugin.dll de VideoLAN VLC Media Player en versiones anteriores a v1.1.8 permite a atacantes remotos la ejecución de código arbitrario mediante la manipulación de la anchura en ficheros NSV Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affecte... • http://secunia.com/advisories/43826 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 90%CPEs: 70EXPL: 4CVE-2010-3275 – VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer
https://notcve.org/view.php?id=CVE-2010-3275
28 Mar 2011 — libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." libdirectx_plugin.dll del reproductor multimedia VideoLAN VLC en versiones anteriores a la 1.1.8 permite a atacantes remotos ejecutar código de su elección a través de una anchura modificada de un fichero AMV. Relacionado con una vulnerabilidad de puntero no liberado. Multiple vulnerabilities have been found in VL... • https://www.exploit-db.com/exploits/17048 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 57%CPEs: 7EXPL: 3CVE-2011-0522 – VideoLAN VLC Media Player 1.1 - Subtitle 'StripTags()' Memory Corruption
https://notcve.org/view.php?id=CVE-2011-0522
07 Feb 2011 — The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv. La función StripTags en (1) el decodificador USF (modules/codec/subtitles/subsdec.c) y (2) el deco... • https://www.exploit-db.com/exploits/16108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 69EXPL: 1CVE-2011-0531 – VideoLAN VLC Media Player 1.1.6 - 'MKV' Memory Corruption
https://notcve.org/view.php?id=CVE-2011-0531
07 Feb 2011 — demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro. demux/mkv/mkv.hpp en el plugin MKV demuxer en VideoLAN VLC Media Player v1.1.6.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar comandos arbitrarios ... • https://www.exploit-db.com/exploits/16637 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 67EXPL: 0CVE-2011-0021 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2011-0021
25 Jan 2011 — Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video. Múltiples desbordamientos de búfer de la memoria dinámica en cdg.c del descodificador CDG para VideoLAN VLC Media Player anterior a v1.1.6 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a tr... • http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 67EXPL: 0CVE-2010-3907 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-3907
03 Jan 2011 — Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow. Múltiples desbordamientos de entero en real.c en el complemento Real demuxer en VideoLAN VLC Media Player anterior a v1.1.6 permite a atacantes remotos causar una denegación de servicio (caída de aplicación... • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 59%CPEs: 65EXPL: 3CVE-2010-3124 – VideoLAN VLC Media Player 1.1.3 - 'wintab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3124
26 Aug 2010 — Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file. Vulnerabilidad de ruta de búsqueda no confiable en bin/winvlc.c de VLC Media Player v1.1.3 y anteriores permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro ... • https://www.exploit-db.com/exploits/14750 •
CVSS: 5.5EPSS: 3%CPEs: 22EXPL: 0CVE-2010-2937 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-2937
20 Aug 2010 — The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. La función ReadMetaFromId3v2 en taglib.cpp en el plugin TagLib en VideoLAN VLC media player v0.9.0 hasta v1.1.2 no procesa adecuadamente las etiquetas ID3v2, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a t... • http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 3CVE-2010-0364 – VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0364
21 Jan 2010 — Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field. Desbordamiento de búfer basado en pila en VideoLAN VLC Media Player 0.8.6 permite a atacantes remotos asistidos por el usuario, ejecutar código de su elección mediante un fichero ogg con un fichero Advanced SubStation Alpha Subtitle (.ass) manipulado, probablemente e... • https://www.exploit-db.com/exploits/11174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •