CVE-2014-1684 – VideoLAN VLC Media Player 2.1.2 - '.asf' Crash (PoC)
https://notcve.org/view.php?id=CVE-2014-1684
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file. La función ASF_ReadObject_file_properties en modules/demux/asf/libasf.c en el Demuxer ASF en VideoLAN VLC Media Player anterior a 2.1.3 permite a atacantes remotos causar una denegación de servicio (error de división por cero y caída) a través de un tamaño mínimo y máximo de cero del paquete de datos en un archivo ASF. • https://www.exploit-db.com/exploits/31429 http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404 http://www.elsherei.com/?p=269 https://security.gentoo.org/glsa/201603-08 https://trac.videolan.org/vlc/ticket/10482 • CWE-189: Numeric Errors •
CVE-2013-6934
https://notcve.org/view.php?id=CVE-2013-6934
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2013.11.26, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un carácter en blanco en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de búfer. NOTA: esta vulnerabilidad existe por una solución incompleta en CVE-2013-6933. • http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html http://www.live555.com/liveMedia/public/changelog.txt http://www.securityfocus.com/bid/65139 • CWE-189: Numeric Errors •
CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. • https://www.exploit-db.com/exploits/27700 http://www.exploit-db.com/exploits/27700 http://www.osvdb.org/96603 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318 • CWE-20: Improper Input Validation •
CVE-2013-4388
https://notcve.org/view.php?id=CVE-2013-4388
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e http://secunia.com/advisories/59793 http://www.openwall.com/lists/oss-security/2013/10/01/2 http://www.securityfocus.com/bid/62724 http://www.securitytracker.com/id/1029120 http://www.videolan.org/developers/vlc-branch/NEWS https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3245
https://notcve.org/view.php?id=CVE-2013-3245
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow **EN DISPUTA** plugins/demux/libmkv_plugin.dll en VideoLAN VLC Media Player v2.0.7, y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo MKV especialmente diseñado, posiblemente provocando un desbordamiento de entero y fuera de los límites de lectura o desbordamiento de búfer basado en memoria dinámica, o una excepción no capturada. NOTA: el vendedor se afirmó que, "este PoC bloquea VLC, en efecto, pero no hace nada más ... esto no es un error de desbordamiento de entero, sino una excepción no capturada y dudo que sea explotable. • http://seclists.org/fulldisclosure/2013/Jul/71 http://seclists.org/fulldisclosure/2013/Jul/77 http://seclists.org/fulldisclosure/2013/Jul/79 http://secunia.com/advisories/52956 http://secunia.com/blog/372 http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia http://www.securityfocus.com/bid/61032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •