CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2014-6440
https://notcve.org/view.php?id=CVE-2014-6440
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. VideoLAN VLC media player en versiones anteriores a 2.1.5 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio. • http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module http://seclists.org/oss-sec/2015/q1/751 http://www.securityfocus.com/bid/72950 http://www.videolan.org/developers/vlc-branch/NEWS https://security.gentoo.org/glsa/201603-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2147
https://notcve.org/view.php?id=CVE-2008-2147
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. Vulnerabilidad de búsqueda en ruta no confiable en VideoLAN VLC anterior a 0.9.0 permite a usuarios locales ejecutar código de su elección a través de una librería bajo los subdirectorios modules/ o plugins/ del directorio actual. • http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181 http://secunia.com/advisories/31317 http://security.gentoo.org/glsa/glsa-200807-13.xml http://trac.videolan.org/vlc/ticket/1578 https://exchange.xforce.ibmcloud.com/vulnerabilities/42377 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 2%CPEs: 60EXPL: 0CVE-2008-1768
https://notcve.org/view.php?id=CVE-2008-1768
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. Múltiples desbordamientos de enteros en VLC anterior a 0.8.6f, permite a atacantes remotos provocar una denegación de servicio (caída) a través del demultiplexador (1) MP4, (2) Real y (3) el codec Cinepak, que inicia el desbordamiento de búfer. • http://secunia.com/advisories/29503 http://secunia.com/advisories/29800 http://security.gentoo.org/glsa/glsa-200804-25.xml http://wiki.videolan.org/Changelog/0.8.6f http://www.securityfocus.com/bid/28903 http://www.videolan.org/developers/vlc/NEWS http://www.videolan.org/security/sa0803.php http://www.vupen.com/english/advisories/2008/0985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 60EXPL: 1CVE-2008-1769 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1769
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. VLC versions anteriores a la 0.8.6f, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un Cinepak manipulado que dispara un acceso a array fuera de límite y una corrupción de memoria. • https://www.exploit-db.com/exploits/5498 http://bugs.gentoo.org/show_bug.cgi?id=214627#c3 http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98 http://secunia.com/advisories/29503 http://secunia.com/advisories/29800 http://security.gentoo.org/glsa/glsa-200804-25.xml http://wiki.videolan.org/Changelog/0.8.6f http://www.securityfocus.com/bid/28904 http://www.videolan.org/developers/vlc/NEWS http://www.videolan.org/security/sa0803. • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 22%CPEs: 1EXPL: 2CVE-2008-1881 – VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
https://notcve.org/view.php?id=CVE-2008-1881
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. Desbordamiento de búfer basado en pila en la función ParseSSA (modules/demux/subtitle.c) en VLC 0.8.6e permite a atacantes remotos ejecutar código de su elección mediante un subtitulo largeo en un archivo SSA. NOTA: este problema es debido a una corrección incompleta para CVE-2007-6681. • https://www.exploit-db.com/exploits/5667 https://www.exploit-db.com/exploits/5250 http://aluigi.altervista.org/adv/vlcboffs-adv.txt http://aluigi.org/adv/vlcboffs-adv.txt http://secunia.com/advisories/28233 http://secunia.com/advisories/29800 http://security.gentoo.org/glsa/glsa-200804-25.xml http://wiki.videolan.org/Changelog/0.8.6f http://www.securityfocus.com/archive/1/489698 http://www.securityfocus.com/bid/28251 http://www.securityfocus.com/bid/28274 https&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •