CVSS: 9.3EPSS: 16%CPEs: 36EXPL: 2CVE-2008-5032 – VideoLAN VLC Media Player < 0.9.6 - 'CUE' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-5032
10 Nov 2008 — Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. Un desbordamiento de búfer en la región stack de la memoria en el reproductor multimedia VideoLAN VLC versiones 0.5.0 hasta 0.9.5, podría permitir... • https://www.exploit-db.com/exploits/9686 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 13%CPEs: 5EXPL: 2CVE-2008-4686 – VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4686
22 Oct 2008 — Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. Múltiples desbordamientos de enteros en el archivo ty.c en el plugin TY demux (también se conoce como TiVo demuxer) en reproductor multimedia VideoLAN VLC, probablemente versión 0.9.4, podría permitir a los atacantes remotos ejecutar código arbitrario por medi... • https://www.exploit-db.com/exploits/6798 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 77%CPEs: 5EXPL: 8CVE-2008-4654 – VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4654
21 Oct 2008 — Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. Desbordamiento de búfer basado en pila en la función parse_master en el plugin modules/demux/ty.c) en VLC Media Player v0.9.0 a la 0.9.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo TiVo TY con una cabecera que ... • https://www.exploit-db.com/exploits/16629 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 3CVE-2008-4558 – VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption
https://notcve.org/view.php?id=CVE-2008-4558
14 Oct 2008 — Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. Error de índice de array en VLC media player 0.9.2 permite a atacantes remotos sobrescribir memoria de su elección y ejecutar código de su elección a través de un fichero lista de reproduccio´n XSPF con una etiqueta con identificador negativo, lo cual pasa una comparación firmada. • https://www.exploit-db.com/exploits/6756 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 8%CPEs: 1EXPL: 2CVE-2008-3794 – VideoLAN VLC Media Player 0.8.6i - Mms Protocol Handling Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-3794
26 Aug 2008 — Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. Un error en la propiedad signedness de enteros en la función mms_ReceiveCommand en el archivo modules/access/mms/mmstu.c en Reproductor Multimedia VLC versión 0.8.6i, permite a los atacantes... • https://www.exploit-db.com/exploits/6293 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 25%CPEs: 1EXPL: 2CVE-2008-3732 – VideoLAN VLC Media Player 0.8.6i - '.tta' File Parsing Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-3732
20 Aug 2008 — Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Desbordamiento de entero en la función Open en modules/demux/tta.c de VLC Media Player 0.8.6i, permite a atacantes remotos provocar una denegación de servicio (caída de la apli... • https://www.exploit-db.com/exploits/6252 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0CVE-2008-2430
https://notcve.org/view.php?id=CVE-2008-2430
07 Jul 2008 — Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. Desbordamiento de entero en la Función Open en modules/demux/wav.c en VLC Media Player 0.8.6h ejecutado sobre Windows, permite a atacantes remotos ejecutar código de su elección a través de un fragmento fmt de gran tamaño en un archivo WAV. • http://secunia.com/advisories/30601 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 25%CPEs: 2EXPL: 1CVE-2008-0984 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0984
26 Feb 2008 — The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. El demultiplexor MP4 (mp4.c) para el reproductor multimedia VLC versión 0.8.6d y anterior, tal y como es usado en Miro Player versión 1.1 y anteriores, permite a los atacantes remotos sobrescribir la memoria arbitraria y ejecutar código arbitrario por medio de un archivo MP4 malformado. • https://www.exploit-db.com/exploits/5498 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 21%CPEs: 1EXPL: 1CVE-2008-0295 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0295
16 Jan 2008 — Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. Desbordamiento de búfer basado en montículo en modules/access/rtsp/real_sdpplin.c de la biblioteca Xine, tal y como se usa en VideoLAN VLC Media Player 0.8.6d y versiones anteriores, permite a atacantes remotos con la ... • https://www.exploit-db.com/exploits/5498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 2EXPL: 2CVE-2008-0296 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0296
16 Jan 2008 — Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. Desbordamiento de búfer basado en montículo en el plugin libaccess_realrtsp de VideoLAN VLC Media Player 0.8.6d y versiones anteriores en Windows, podría permitir a servidores RTSP remotos provocar una denegación de servicio (caída de aplicación) ó ejecutar código de... • https://www.exploit-db.com/exploits/5498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •