CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46814
https://notcve.org/view.php?id=CVE-2023-46814
22 Nov 2023 — A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar código con privilegios elevados desde una ubicación de escritura estándar po... • https://www.videolan.org/security/sb-vlc3019.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47359 – Ubuntu Security Notice USN-6783-1
https://notcve.org/view.php?id=CVE-2023-47359
07 Nov 2023 — Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. Videolan VLC anterior a la versión 3.0.20 contiene una lectura de desplazamiento incorrecta que provoca un desbordamiento del búfer en la función GetPacket() y provoca daños en la memoria. It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting ... • https://0xariana.github.io/blog/real_bugs/vlc/mms • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47360
https://notcve.org/view.php?id=CVE-2023-47360
07 Nov 2023 — Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. Videolan VLC anterior a la versión 3.0.20 contiene un desbordamiento insuficiente de enteros que conduce a una longitud de paquete incorrecta. • https://0xariana.github.io/blog/real_bugs/vlc/mms • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41325 – Debian Security Advisory 5297-1
https://notcve.org/view.php?id=CVE-2022-41325
06 Dec 2022 — An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. Un desbordamiento de enteros en el módulo VNC en VideoLAN VLC Media Player hasta la versión 3.0.17.4 permite a los atacantes, al engañar a un usuario para que abra una lista de reproducción manipulada se conecte a un servidor VNC fraudulento, bloquear VLC o ejecutar cód... • https://twitter.com/0xMitsurugi • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-26664 – Gentoo Linux Security Advisory 202101-37
https://notcve.org/view.php?id=CVE-2020-26664
08 Jan 2021 — A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. Una vulnerabilidad en la función EbmlTypeDispatcher::send en VideoLAN VLC media player versión 3.0.11, permite a atacantes desencadenar un desbordamiento del búfer en la región heap de la memoria por medio de un archivo .mkv diseñado Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary c... • http://videolan.com • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-13428 – Ubuntu Security Notice USN-6180-1
https://notcve.org/view.php?id=CVE-2020-13428
08 Jun 2020 — A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. Un desbordamiento del búfer en la región heap de la memoria en la función hxxx_AnnexB_to_xVC en el archivo modules/packetizer/hxxx_nal.c en el reproductor multimedia VideoLAN VLC en versines anteriore... • http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19721 – Ubuntu Security Notice USN-6180-1
https://notcve.org/view.php?id=CVE-2019-19721
15 May 2020 — An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. Un error por un paso en la función DecodeBlock en el archivo codec/sdl_image.c en reproductor multimedia VideoLAN VLC versiones anteriores a 3.0.9, permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria) por medio de ... • http://hg.libsdl.org/SDL_image • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5460
https://notcve.org/view.php?id=CVE-2019-5460
30 Jul 2019 — Double Free in VLC versions <= 3.0.6 leads to a crash. Una vulnerabilidad de Doble Liberación en VLC versiones anteriores a 3.0.6 (incluida), conlleva a un bloqueo. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-415: Double Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5459
https://notcve.org/view.php?id=CVE-2019-5459
30 Jul 2019 — An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Un desbordamiento de enteros de VLC Media Player versiones anteriores a 3.0.7, conlleva a una lectura fuera de banda. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1CVE-2019-13962 – Ubuntu Security Notice USN-4131-1
https://notcve.org/view.php?id=CVE-2019-13962
18 Jul 2019 — lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. lavc_CopyPicture en modules / codec / avcodec / video.c en el reproductor de medios VideoLAN VLC a través de 3.0.7 tiene una lectura en exceso del búfer basado en el montón porque no valida correctamente el ancho y la altura. It was discovered that VLC incorrectly handled certain media files. If a user were tricked into ope... • http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 • CWE-125: Out-of-bounds Read •