CVSS: 7.5EPSS: 87%CPEs: 2EXPL: 1CVE-2013-6934
https://notcve.org/view.php?id=CVE-2013-6934
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2013.11.26, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un carácter en blanco en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de búfer. NOTA: esta vulnerabilidad existe por una solución incompleta en CVE-2013-6933. • http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html http://www.live555.com/liveMedia/public/changelog.txt http://www.securityfocus.com/bid/65139 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 12%CPEs: 33EXPL: 2CVE-2013-6283 – VideoLAN VLC Media Player 2.0.8 - '.m3u' Local Crash (PoC)
https://notcve.org/view.php?id=CVE-2013-6283
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de una cadena larga con la URL de un archivo m3u. • https://www.exploit-db.com/exploits/27700 http://www.exploit-db.com/exploits/27700 http://www.osvdb.org/96603 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 39EXPL: 2CVE-2010-2062
https://notcve.org/view.php?id=CVE-2010-2062
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Desbordamiento de enteros en la función real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior a r29447, permite a atacantes remotos ejecutar código arbitrario a través del valor longitud modificado en la cabecera RDT • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca http://openwall.com/lists/oss-security/2010/06/04/4 http://seclists.org/fulldisclosure/2009/Jul/418 https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 5%CPEs: 8EXPL: 0CVE-2013-4388
https://notcve.org/view.php?id=CVE-2013-4388
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versión 2.0.8 permite a atacantes remotos provocar una denegación de servicio (cuelgue) y posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e http://secunia.com/advisories/59793 http://www.openwall.com/lists/oss-security/2013/10/01/2 http://www.securityfocus.com/bid/62724 http://www.securitytracker.com/id/1029120 http://www.videolan.org/developers/vlc-branch/NEWS https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 4%CPEs: 6EXPL: 1CVE-2013-1954
https://notcve.org/view.php?id=CVE-2013-1954
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read. El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero ASF especialmente diseñado que genera una lectura fuera de los límites. • http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e http://marc.info/?l=oss-security&m=136593191416152&w=2 http://marc.info/?l=oss-security&m=136610343501731&w=2 http://secunia.com/advisories/59793 http://trac.videolan.org/vlc/ticket/8024 http://www.osvdb.org/89598 http://www.securityfocus.com/bid/57333 http://www.videolan.org/security/sa1302.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •