CVSS: 9.3EPSS: 26%CPEs: 2EXPL: 1CVE-2008-0984 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0984
26 Feb 2008 — The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. El demultiplexor MP4 (mp4.c) para el reproductor multimedia VLC versión 0.8.6d y anterior, tal y como es usado en Miro Player versión 1.1 y anteriores, permite a los atacantes remotos sobrescribir la memoria arbitraria y ejecutar código arbitrario por medio de un archivo MP4 malformado. • https://www.exploit-db.com/exploits/5498 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 21%CPEs: 1EXPL: 1CVE-2008-0295 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0295
16 Jan 2008 — Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. Desbordamiento de búfer basado en montículo en modules/access/rtsp/real_sdpplin.c de la biblioteca Xine, tal y como se usa en VideoLAN VLC Media Player 0.8.6d y versiones anteriores, permite a atacantes remotos con la ... • https://www.exploit-db.com/exploits/5498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 2CVE-2008-0296 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0296
16 Jan 2008 — Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. Desbordamiento de búfer basado en montículo en el plugin libaccess_realrtsp de VideoLAN VLC Media Player 0.8.6d y versiones anteriores en Windows, podría permitir a servidores RTSP remotos provocar una denegación de servicio (caída de aplicación) ó ejecutar código de... • https://www.exploit-db.com/exploits/5498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3467
https://notcve.org/view.php?id=CVE-2007-3467
27 Jun 2007 — Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. Desbordamiento de entero en la función the __status_Update en stats.c de VideoLAN VLC Media Player anterior a 0.8.6c permite a atacantes remotos provocar una denegación de servicio (caída) mediante un fichero WAV con una tasa de muestreo grande. • http://osvdb.org/42189 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3468
https://notcve.org/view.php?id=CVE-2007-3468
27 Jun 2007 — input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. input.c en VideoLAN VLC Media Player anterior a 0.8.6c permite a atacantes remotos provocar una denegación de servicio (caída) mediante un fichero WAV artesanal que provoca que una variable i_nb_resamplers no inicializada sea usada. • http://osvdb.org/38992 •
CVSS: 9.8EPSS: 55%CPEs: 10EXPL: 3CVE-2007-0017 – VideoLAN VLC Media Player 0.8.6 (PPC) - 'udp://' Format String (PoC)
https://notcve.org/view.php?id=CVE-2007-0017
03 Jan 2007 — Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. Múltiples vulnerabilidades de cadena d... • https://www.exploit-db.com/exploits/3069 • CWE-134: Use of Externally-Controlled Format String •