CVSS: 9.3EPSS: 59%CPEs: 65EXPL: 3CVE-2010-3124 – VideoLAN VLC Media Player 1.1.3 - 'wintab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3124
26 Aug 2010 — Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file. Vulnerabilidad de ruta de búsqueda no confiable en bin/winvlc.c de VLC Media Player v1.1.3 y anteriores permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro ... • https://www.exploit-db.com/exploits/14750 •
CVSS: 5.5EPSS: 3%CPEs: 22EXPL: 0CVE-2010-2937 – Gentoo Linux Security Advisory 201411-01
https://notcve.org/view.php?id=CVE-2010-2937
20 Aug 2010 — The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. La función ReadMetaFromId3v2 en taglib.cpp en el plugin TagLib en VideoLAN VLC media player v0.9.0 hasta v1.1.2 no procesa adecuadamente las etiquetas ID3v2, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a t... • http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 3CVE-2010-0364 – VideoLAN VLC Media Player 0.8.6 a/b/c/d (Win32 Universal) - '.ass' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0364
21 Jan 2010 — Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field. Desbordamiento de búfer basado en pila en VideoLAN VLC Media Player 0.8.6 permite a atacantes remotos asistidos por el usuario, ejecutar código de su elección mediante un fichero ogg con un fichero Advanced SubStation Alpha Subtitle (.ass) manipulado, probablemente e... • https://www.exploit-db.com/exploits/11174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 94%CPEs: 2EXPL: 4CVE-2009-2484 – VideoLAN VLC Media Player 0.9.9 - 'smb://' URI Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-2484
16 Jul 2009 — Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. Desbordamiento de búfer basado en pila en la función Win32AddConnection en modules/access/smb.c en VideoLAN VLC media player v0.9.9, cuando se ejecuta en Microsoft Windows, permite a los atacantes remotos c... • https://www.exploit-db.com/exploits/9029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2CVE-2009-1045 – VideoLAN VLC Media Player 0.9.8a - Web UI 'input' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1045
23 Mar 2009 — requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. El archivo requests/status.xml en VLC versión 0.9.8a, permite a los atacantes remotos causar una denegación de servicio (consumo de pila y bloqueo) por medio de un argumento de entrada largo en una acción in_play. • https://www.exploit-db.com/exploits/8213 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 29%CPEs: 9EXPL: 1CVE-2008-5276
https://notcve.org/view.php?id=CVE-2008-5276
03 Dec 2008 — Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. Desbordamiento de entero en la función ReadRealIndex en el archivo real.c en el Real demuxer plugin en reproductor multimedia VideoLAN VLC desde la versión 0.9.0 hasta 0.9.7, permite a los atacante remotos ejecutar arbitrariamente código a través d... • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 3CVE-2008-5036 – VideoLAN VLC Media Player < 0.9.6 - '.rt' Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-5036
10 Nov 2008 — Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. Desbordamiento de búfer basado en pila en VideoLAN VLC media player v0.9.x anteriores a v0.9.6 permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un fichero... • https://www.exploit-db.com/exploits/7051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 36EXPL: 2CVE-2008-5032 – VideoLAN VLC Media Player < 0.9.6 - 'CUE' Local Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-5032
10 Nov 2008 — Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. Un desbordamiento de búfer en la región stack de la memoria en el reproductor multimedia VideoLAN VLC versiones 0.5.0 hasta 0.9.5, podría permitir... • https://www.exploit-db.com/exploits/9686 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 5EXPL: 2CVE-2008-4686 – VideoLAN VLC Media Player 0.9.4 - '.TY' Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4686
22 Oct 2008 — Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. Múltiples desbordamientos de enteros en el archivo ty.c en el plugin TY demux (también se conoce como TiVo demuxer) en reproductor multimedia VideoLAN VLC, probablemente versión 0.9.4, podría permitir a los atacantes remotos ejecutar código arbitrario por medi... • https://www.exploit-db.com/exploits/6798 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 86%CPEs: 5EXPL: 7CVE-2008-4654 – VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4654
21 Oct 2008 — Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. Desbordamiento de búfer basado en pila en la función parse_master en el plugin modules/demux/ty.c) en VLC Media Player v0.9.0 a la 0.9.4, permite a atacantes remotos ejecutar código de su elección a través de un archivo TiVo TY con una cabecera que ... • https://www.exploit-db.com/exploits/16629 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •