CVSS: 7.5 | EPSS: 87% | CPEs: 2 | EXPL: 1

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
• http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
• http://www.live555.com/liveMedia/public/changelog.txt
• http://www.securityfocus.com/bid/65139
• CWE-189: Numeric Errors

CVSS: 7.5 | EPSS: 12% | CPEs: 33 | EXPL: 2

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
• https://www.exploit-db.com/exploits/27700
• http://www.exploit-db.com/exploits/27700
• http://www.osvdb.org/96603
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318
• CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 9% | CPEs: 39 | EXPL: 2

Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
• http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca
• http://openwall.com/lists/oss-security/2010/06/04/4
• http://seclists.org/fulldisclosure/2009/Jul/418
• https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow
• CWE-189: Numeric Errors

CVSS: 6.8 | EPSS: 5% | CPEs: 8 | EXPL: 0

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
• http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e
• http://secunia.com/advisories/59793
• http://www.openwall.com/lists/oss-security/2013/10/01/2
• http://www.securityfocus.com/bid/62724
• http://www.securitytracker.com/id/1029120
• http://www.videolan.org/developers/vlc-branch/NEWS
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 23% | CPEs: 5 | EXPL: 1

Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
• https://www.exploit-db.com/exploits/23201
• http://marc.info/?l=oss-security&m=136367945627336&w=2
• http://secunia.com/advisories/59793
• http://www.securityfocus.com/bid/57079
• http://www.videolan.org/security/sa1301.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer