All the vulnerabilities related to videolan - vlc_media_player
cve-2007-3316
Vulnerability from cvelistv5
Published
2007-06-21 18:00
Modified
2024-08-07 14:14
Summary
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:12.858Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200707-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200707-12.xml" }, { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "37382", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37382" }, { "name": "24555", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24555" }, { "name": "VU#200928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/200928" }, { "name": "26269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26269" }, { "name": "37381", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37381" }, { "name": "37380", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37380" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "ADV-2007-2262", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2262" }, { "name": "oval:org.mitre.oval:def:14600", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" }, { "name": "37379", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37379" }, { "name": "25753", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25753" }, { "name": "DSA-1332", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/sa0702.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200707-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200707-12.xml" }, { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "37382", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37382" }, { "name": "24555", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24555" }, { "name": "VU#200928", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/200928" }, { "name": "26269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26269" }, { "name": "37381", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37381" }, { "name": "37380", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37380" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "ADV-2007-2262", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2262" }, { "name": "oval:org.mitre.oval:def:14600", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" }, { "name": "37379", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37379" }, { "name": "25753", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25753" }, { "name": "DSA-1332", "tags": [ "vendor-advisory", 
"x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/sa0702.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3316", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200707-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200707-12.xml" }, { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "37382", "refsource": "OSVDB", "url": "http://osvdb.org/37382" }, { "name": "24555", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24555" }, { "name": "VU#200928", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/200928" }, { "name": "26269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26269" }, { "name": "37381", "refsource": "OSVDB", "url": "http://osvdb.org/37381" }, { "name": "37380", "refsource": "OSVDB", "url": "http://osvdb.org/37380" }, { "name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt", "refsource": "MISC", "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "ADV-2007-2262", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2262" }, { "name": "oval:org.mitre.oval:def:14600", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" }, { "name": "37379", "refsource": "OSVDB", "url": "http://osvdb.org/37379" }, { "name": "25753", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25753" }, { "name": "DSA-1332", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25980" }, { "name": "http://www.videolan.org/sa0702.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/sa0702.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": 
"CVE-2007-3316", "datePublished": "2007-06-21T18:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2024-08-07T14:14:12.858Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3468
Vulnerability from cvelistv5
Published
2007-06-27 22:00
Modified
2024-08-07 14:21
Summary
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/471933/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744 | vdb-entry, signature, x_refsource_OVAL | |
http://osvdb.org/38992 | vdb-entry, x_refsource_OSVDB | |
http://www.isecpartners.com/advisories/2007-001-vlc.txt | x_refsource_MISC | |
http://www.debian.org/security/2007/dsa-1332 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/25980 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:34.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:14744", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744" }, { "name": "38992", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38992" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "DSA-1332", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25980" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:14744", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744" }, { "name": "38992", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38992" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "DSA-1332", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25980" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:14744", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744" }, { "name": "38992", "refsource": "OSVDB", "url": "http://osvdb.org/38992" }, { "name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt", "refsource": "MISC", "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "DSA-1332", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25980" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3468", "datePublished": "2007-06-27T22:00:00", "dateReserved": "2007-06-27T00:00:00", "dateUpdated": "2024-08-07T14:21:34.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1045
Vulnerability from cvelistv5
Published
2009-03-23 16:00
Modified
2024-08-07 04:57
Summary
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/49249 | vdb-entry, x_refsource_XF | |
https://www.exploit-db.com/exploits/8213 | exploit, x_refsource_EXPLOIT-DB | |
http://bugs.gentoo.org/show_bug.cgi?id=262708 | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357 | vdb-entry, signature, x_refsource_OVAL | |
http://www.openwall.com/lists/oss-security/2009/03/17/4 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/34126 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:57:17.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vlcmediaplayer-web-status-bo(49249)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249" }, { "name": "8213", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8213" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=262708" }, { "name": "oval:org.mitre.oval:def:14357", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357" }, { "name": "[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/03/17/4" }, { "name": "34126", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34126" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vlcmediaplayer-web-status-bo(49249)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249" }, { "name": "8213", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8213" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=262708" }, { "name": "oval:org.mitre.oval:def:14357", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357" }, { "name": "[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/03/17/4" }, { "name": "34126", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34126" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vlcmediaplayer-web-status-bo(49249)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249" }, { "name": "8213", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8213" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=262708", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=262708" }, { "name": "oval:org.mitre.oval:def:14357", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357" }, { "name": "[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/03/17/4" }, { "name": "34126", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34126" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1045", "datePublished": "2009-03-23T16:00:00", "dateReserved": "2009-03-23T00:00:00", "dateUpdated": "2024-08-07T04:57:17.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9597
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 13:47
Summary
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.
References
URL | Tags | |
---|---|---|
http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2015/Jan/72 | mailing-list, x_refsource_FULLDISC | |
https://security.gentoo.org/glsa/201603-08 | vendor-advisory, x_refsource_GENTOO | |
https://trac.videolan.org/vlc/ticket/13389 | x_refsource_MISC | |
https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/13389" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "tags": [ "x_refsource_MISC" ], "url": "https://trac.videolan.org/vlc/ticket/13389" }, { "tags": [ "x_refsource_MISC" ], "url": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html", "refsource": "MISC", "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "name": "GLSA-201603-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "https://trac.videolan.org/vlc/ticket/13389", "refsource": "MISC", "url": "https://trac.videolan.org/vlc/ticket/13389" }, { "name": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt", "refsource": "MISC", "url": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9597", "datePublished": "2015-01-21T11:00:00", "dateReserved": "2015-01-15T00:00:00", "dateUpdated": "2024-08-06T13:47:41.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14533
Vulnerability from cvelistv5
Published
2019-08-29 18:43
Modified
2024-08-05 00:19
Summary
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
References
URL | Tags | |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14533", "datePublished": "2019-08-29T18:43:45", "dateReserved": "2019-08-02T00:00:00", "dateUpdated": "2024-08-05T00:19:41.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2588
Vulnerability from cvelistv5
Published
2011-07-27 01:29
Modified
2024-08-06 23:08
Summary
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/45066 | third-party-advisory, x_refsource_SECUNIA | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858 | vdb-entry, signature, x_refsource_OVAL | |
http://www.videolan.org/security/sa1106.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/48664 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/68532 | vdb-entry, x_refsource_XF | |
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=9c14964bd11482d5c1d6c0e223440f9f1e5b1831 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45066" }, { "name": "oval:org.mitre.oval:def:14858", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1106.html" }, { "name": "48664", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48664" }, { "name": "vlcmediaplayer-strf-bo(68532)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "45066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45066" }, { "name": "oval:org.mitre.oval:def:14858", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1106.html" }, { "name": "48664", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48664" }, { "name": "vlcmediaplayer-strf-bo(68532)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2011-2588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45066" }, { "name": "oval:org.mitre.oval:def:14858", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" }, { "name": "http://www.videolan.org/security/sa1106.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1106.html" }, { "name": "48664", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48664" }, { "name": "vlcmediaplayer-strf-bo(68532)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=9c14964bd11482d5c1d6c0e223440f9f1e5b1831", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2011-2588", "datePublished": "2011-07-27T01:29:00", "dateReserved": "2011-06-29T00:00:00", "dateUpdated": "2024-08-06T23:08:23.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-6262
Vulnerability from cvelistv5
Published
2007-12-06 02:00
Modified
2024-08-07 16:02
Summary
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/38816 | vdb-entry, x_refsource_XF | |
http://www.videolan.org/sa0703.html | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2007/4061 | vdb-entry, x_refsource_VUPEN | |
http://www.coresecurity.com/?action=item&id=2035 | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/27878 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/484563/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/26675 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/3420 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:02:35.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vlcmediaplayer-activex-memory-overwrite(38816)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/sa0703.html" }, { "name": "ADV-2007-4061", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/4061" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2035" }, { "name": "oval:org.mitre.oval:def:14280", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" }, { "name": "27878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27878" }, { "name": "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded" }, { "name": "26675", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26675" }, { "name": "3420", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via 
crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vlcmediaplayer-activex-memory-overwrite(38816)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/sa0703.html" }, { "name": "ADV-2007-4061", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/4061" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2035" }, { "name": "oval:org.mitre.oval:def:14280", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" }, { "name": "27878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27878" }, { "name": "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded" }, { "name": "26675", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26675" }, { "name": "3420", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6262", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } 
] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vlcmediaplayer-activex-memory-overwrite(38816)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" }, { "name": "http://www.videolan.org/sa0703.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/sa0703.html" }, { "name": "ADV-2007-4061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4061" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2035", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2035" }, { "name": "oval:org.mitre.oval:def:14280", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" }, { "name": "27878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27878" }, { "name": "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded" }, { "name": "26675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26675" }, { "name": "3420", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3420" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6262", "datePublished": "2007-12-06T02:00:00", "dateReserved": 
"2007-12-05T00:00:00", "dateUpdated": "2024-08-07T16:02:35.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1775
Vulnerability from cvelistv5
Published
2012-03-19 16:00
Modified
2024-08-06 19:08
Summary
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/53391 | vdb-entry, x_refsource_BID | |
http://www.exploit-db.com/exploits/18825 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/52550 | vdb-entry, x_refsource_BID | |
http://www.videolan.org/security/sa1201.html | x_refsource_CONFIRM | |
http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commit%3Bh=11a95cce96fffdbaba1be6034d7b42721667821c | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "53391", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53391" }, { "name": "18825", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18825" }, { "name": "52550", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52550" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1201.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commit%3Bh=11a95cce96fffdbaba1be6034d7b42721667821c" }, { "name": "oval:org.mitre.oval:def:14820", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-13T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "53391", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53391" }, { "name": "18825", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18825" }, { "name": "52550", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52550" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1201.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commit%3Bh=11a95cce96fffdbaba1be6034d7b42721667821c" }, { "name": "oval:org.mitre.oval:def:14820", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "53391", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53391" }, { "name": "18825", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18825" }, { "name": "52550", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52550" }, { "name": "http://www.videolan.org/security/sa1201.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1201.html" }, { "name": "http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commit;h=11a95cce96fffdbaba1be6034d7b42721667821c", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commit;h=11a95cce96fffdbaba1be6034d7b42721667821c" }, { "name": "oval:org.mitre.oval:def:14820", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1775", "datePublished": "2012-03-19T16:00:00", "dateReserved": "2012-03-19T00:00:00", "dateUpdated": "2024-08-06T19:08:38.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5470
Vulnerability from cvelistv5
Published
2012-10-26 10:00
Modified
2024-08-06 21:05
Summary
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
References
URL | Tags | |
---|---|---|
http://www.exploit-db.com/exploits/21889/ | exploit, x_refsource_EXPLOIT-DB | |
http://openwall.com/lists/oss-security/2012/10/24/3 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/55850 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15540 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21889", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/21889/" }, { "name": "[oss-security] 20121024 VLC 2.0.3 libpng_plugin CVE-2012-5470", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/10/24/3" }, { "name": "55850", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55850" }, { "name": "oval:org.mitre.oval:def:15540", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15540" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21889", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/21889/" }, { "name": "[oss-security] 20121024 VLC 2.0.3 libpng_plugin CVE-2012-5470", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/10/24/3" }, { "name": "55850", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55850" }, { "name": "oval:org.mitre.oval:def:15540", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15540" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21889", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/21889/" }, { "name": "[oss-security] 20121024 VLC 2.0.3 libpng_plugin CVE-2012-5470", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2012/10/24/3" }, { "name": "55850", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55850" }, { "name": "oval:org.mitre.oval:def:15540", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15540" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5470", "datePublished": "2012-10-26T10:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25803
Vulnerability from cvelistv5
Published
2021-07-26 16:26
Modified
2024-08-03 20:11
Summary
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
References
URL | Tags | |
---|---|---|
https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:28.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-26T16:26:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb", "refsource": "MISC", "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25803", "datePublished": "2021-07-26T16:26:58", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:11:28.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0021
Vulnerability from cvelistv5
Published
2011-01-25 18:00
Modified
2024-08-06 21:43
Summary
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/64879 | vdb-entry, x_refsource_XF | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460 | vdb-entry, signature, x_refsource_OVAL | |
http://www.vupen.com/english/advisories/2011/0185 | vdb-entry, x_refsource_VUPEN | |
http://openwall.com/lists/oss-security/2011/01/20/3 | mailing-list, x_refsource_MLIST | |
http://openwall.com/lists/oss-security/2011/01/19/6 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/45927 | vdb-entry, x_refsource_BID | |
http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2 | x_refsource_CONFIRM | |
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:43:14.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vlcmediaplayer-cdg-code-execution(64879)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879" }, { "name": "oval:org.mitre.oval:def:12460", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460" }, { "name": "ADV-2011-0185", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0185" }, { "name": "[oss-security] 20110120 Re: CVE request: heap corruption in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/01/20/3" }, { "name": "[oss-security] 20110119 CVE request: heap corruption in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/01/19/6" }, { "name": "45927", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45927" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of 
service (application crash) or possibly execute arbitrary code via a crafted CDG video." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "vlcmediaplayer-cdg-code-execution(64879)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879" }, { "name": "oval:org.mitre.oval:def:12460", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460" }, { "name": "ADV-2011-0185", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0185" }, { "name": "[oss-security] 20110120 Re: CVE request: heap corruption in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/01/20/3" }, { "name": "[oss-security] 20110119 CVE request: heap corruption in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/01/19/6" }, { "name": "45927", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45927" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-0021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vlcmediaplayer-cdg-code-execution(64879)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879" }, { "name": "oval:org.mitre.oval:def:12460", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460" }, { "name": "ADV-2011-0185", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0185" }, { "name": "[oss-security] 20110120 Re: CVE request: heap corruption in VLC media player", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/20/3" }, { "name": "[oss-security] 20110119 CVE request: heap corruption in VLC media player", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/19/6" }, { "name": "45927", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45927" }, { "name": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2", "refsource": "CONFIRM", "url": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0021", "datePublished": "2011-01-25T18:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": 
"2024-08-06T21:43:14.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3941
Vulnerability from cvelistv5
Published
2016-04-18 15:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html | vendor-advisory, x_refsource_SUSE | |
https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html | mailing-list, x_refsource_MLIST | |
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1035456 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:10:31.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:1651", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "name": "[vlc-commits] 20150131 stream: handle seek across EOF correctly (hopefully)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633" }, { "name": "1035456", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035456" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to \"seek across EOF.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-28T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2016:1651", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "name": "[vlc-commits] 20150131 stream: handle seek across EOF correctly (hopefully)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633" }, { "name": "1035456", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035456" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to \"seek across EOF.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:1651", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "name": "[vlc-commits] 20150131 stream: handle seek across EOF correctly (hopefully)", "refsource": "MLIST", "url": "https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633" }, { "name": "1035456", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035456" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3941", "datePublished": "2016-04-18T15:00:00", "dateReserved": "2016-03-30T00:00:00", "dateUpdated": 
"2024-08-06T00:10:31.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9629
Vulnerability from cvelistv5
Published
2020-01-24 21:57
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
References
▼ | URL | Tags |
---|---|---|
http://openwall.com/lists/oss-security/2015/01/20/5 | x_refsource_MISC | |
https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5 | x_refsource_MISC | |
https://www.videolan.org/security/sa1501.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T21:57:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9629", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "name": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5" }, { "name": "https://www.videolan.org/security/sa1501.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sa1501.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9629", "datePublished": "2020-01-24T21:57:17", "dateReserved": "2015-01-20T00:00:00", "dateUpdated": "2024-08-06T13:47:41.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1442
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
References
▼ | URL | Tags |
---|---|---|
http://www.videolan.org/security/sa1003.html | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2010/04/28/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:19.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-1442", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa1003.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1442", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3124
Vulnerability from cvelistv5
Published
2010-08-26 18:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2010/2172 | vdb-entry, x_refsource_VUPEN | |
http://www.openwall.com/lists/oss-security/2010/08/25/9 | mailing-list, x_refsource_MLIST | |
http://www.exploit-db.com/exploits/14750 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/41107 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2010/08/25/10 | mailing-list, x_refsource_MLIST | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:46.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6" }, { "name": "ADV-2010-2172", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2172" }, { "name": "[oss-security] 20100825 CVE request: VLC media player - DLL preloading vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/9" }, { "name": "14750", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/14750" }, { "name": "41107", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41107" }, { "name": "[oss-security] 20100825 Re: CVE request: VLC media player - DLL preloading vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/10" }, { "name": "oval:org.mitre.oval:def:12190", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly 
remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6" }, { "name": "ADV-2010-2172", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2172" }, { "name": "[oss-security] 20100825 CVE request: VLC media player - DLL preloading vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/9" }, { "name": "14750", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/14750" }, { "name": "41107", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41107" }, { "name": "[oss-security] 20100825 Re: CVE request: VLC media player - DLL preloading vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/10" }, { "name": "oval:org.mitre.oval:def:12190", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3124", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=blobdiff;f=bin/winvlc.c;h=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf;hp=2d09cba320e3b0def7069ce1ebab25d1340161c5;hb=43a31df56c37bd62c691cdbe3c1f11babd164b56;hpb=2d366da738b19f8d761d7084746c6db6f52808c6", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=blobdiff;f=bin/winvlc.c;h=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf;hp=2d09cba320e3b0def7069ce1ebab25d1340161c5;hb=43a31df56c37bd62c691cdbe3c1f11babd164b56;hpb=2d366da738b19f8d761d7084746c6db6f52808c6" }, { "name": "ADV-2010-2172", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2172" }, { "name": "[oss-security] 20100825 CVE request: VLC media player - DLL preloading vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/9" }, { "name": "14750", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/14750" }, { "name": "41107", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41107" }, { "name": "[oss-security] 20100825 Re: CVE request: VLC media player - DLL preloading vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/10" }, { "name": "oval:org.mitre.oval:def:12190", "refsource": "OVAL", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3124", "datePublished": "2010-08-26T18:00:00", "dateReserved": "2010-08-25T00:00:00", "dateUpdated": "2024-08-07T02:55:46.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41325
Vulnerability from cvelistv5
Published
2022-12-06 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:45.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://twitter.com/0xMitsurugi" }, { "tags": [ "x_transferred" ], "url": "https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc3018.html" }, { "name": "DSA-5297", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5297" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-07T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://twitter.com/0xMitsurugi" }, { "url": "https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf" }, { "url": "https://www.videolan.org/security/sb-vlc3018.html" }, { "name": "DSA-5297", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5297" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41325", "datePublished": "2022-12-06T00:00:00", "dateReserved": "2022-09-23T00:00:00", "dateUpdated": "2024-08-03T12:42:45.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1776
Vulnerability from cvelistv5
Published
2012-03-19 16:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
References
▼ | URL | Tags |
---|---|---|
http://www.videolan.org/security/sa1202.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/52550 | vdb-entry, x_refsource_BID | |
http://osvdb.org/80189 | vdb-entry, x_refsource_OSVDB | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817 | vdb-entry, signature, x_refsource_OVAL | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74118 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:08:38.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1202.html" }, { "name": "52550", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52550" }, { "name": "80189", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/80189" }, { "name": "oval:org.mitre.oval:def:14817", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" }, { "name": "vlcmediaplayer-realrtsp-bo(74118)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-03-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-05T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1202.html" }, { "name": "52550", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52550" }, { "name": "80189", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/80189" }, { "name": "oval:org.mitre.oval:def:14817", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" }, { "name": "vlcmediaplayer-realrtsp-bo(74118)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa1202.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1202.html" }, { "name": "52550", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52550" }, { "name": "80189", "refsource": "OSVDB", "url": "http://osvdb.org/80189" }, { "name": "oval:org.mitre.oval:def:14817", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" }, { "name": "vlcmediaplayer-realrtsp-bo(74118)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1776", "datePublished": "2012-03-19T16:00:00", "dateReserved": "2012-03-19T00:00:00", "dateUpdated": "2024-08-06T19:08:38.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3467
Vulnerability from cvelistv5
Published
2007-06-27 22:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/471933/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://osvdb.org/42189 | vdb-entry, x_refsource_OSVDB | |
http://www.isecpartners.com/advisories/2007-001-vlc.txt | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863 | vdb-entry, signature, x_refsource_OVAL | |
http://www.debian.org/security/2007/dsa-1332 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/25980 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:36.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "42189", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42189" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "oval:org.mitre.oval:def:14863", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" }, { "name": "DSA-1332", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25980" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "42189", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42189" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "oval:org.mitre.oval:def:14863", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" }, { "name": "DSA-1332", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25980" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20070621 VLC 0.8.6b format string vulnerability \u0026 integer overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "name": "42189", "refsource": "OSVDB", "url": "http://osvdb.org/42189" }, { "name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt", "refsource": "MISC", "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "name": "oval:org.mitre.oval:def:14863", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" }, { "name": "DSA-1332", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "name": "25980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25980" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3467", "datePublished": "2007-06-27T22:00:00", "dateReserved": "2007-06-27T00:00:00", "dateUpdated": "2024-08-07T14:21:36.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17670
Vulnerability from cvelistv5
Published
2017-12-15 09:00
Modified
2024-08-05 20:59
Summary
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/102214 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040938 | vdb-entry, x_refsource_SECTRACK | |
https://www.debian.org/security/2018/dsa-4203 | vendor-advisory, x_refsource_DEBIAN | |
http://openwall.com/lists/oss-security/2017/12/15/1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:59:17.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102214", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102214" }, { "name": "1040938", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040938" }, { "name": "DSA-4203", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4203" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2017/12/15/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-01T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "102214", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102214" }, { "name": "1040938", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040938" }, { "name": "DSA-4203", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4203" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2017/12/15/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17670", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102214" }, { "name": "1040938", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040938" }, { "name": "DSA-4203", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4203" }, { "name": "http://openwall.com/lists/oss-security/2017/12/15/1", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/12/15/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17670", "datePublished": "2017-12-15T09:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-08-05T20:59:17.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13428
Vulnerability from cvelistv5
Published
2020-06-08 18:13
Modified
2024-08-04 12:18
Summary
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
References
URL | Tags |
---|---|
https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c | x_refsource_MISC | |
http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0 | x_refsource_MISC | |
https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 | x_refsource_CONFIRM | |
https://www.debian.org/security/2020/dsa-4704 | vendor-advisory, x_refsource_DEBIAN | |
https://www.videolan.org/security/sb-vlc3011.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:18:18.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11" }, { "name": "DSA-4704", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4704" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc3011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-19T15:04:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11" }, { "name": "DSA-4704", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4704" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc3011.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c" }, { "name": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", "refsource": "MISC", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0" }, { "name": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", "refsource": "CONFIRM", "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11" }, { "name": "DSA-4704", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4704" }, { "name": "https://www.videolan.org/security/sb-vlc3011.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc3011.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13428", "datePublished": "2020-06-08T18:13:04", "dateReserved": "2020-05-23T00:00:00", "dateUpdated": "2024-08-04T12:18:18.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18278
Vulnerability from cvelistv5
Published
2019-10-23 13:22
Modified
2024-08-05 01:47
Summary
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
References
URL | Tags |
---|---|
https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:47:14.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-03T14:29:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18278", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html", "refsource": "MISC", "url": "https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18278", "datePublished": "2019-10-23T13:22:26", "dateReserved": "2019-10-23T00:00:00", "dateUpdated": "2024-08-05T01:47:14.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1444
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-07 01:21
Summary
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
References
URL | Tags |
---|---|
http://www.videolan.org/security/sa1003.html | x_refsource_CONFIRM | |
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=08813ee6f8eb0faf83790bd4247c0a97af75a1cf | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2010/04/28/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:19.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-1444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa1003.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=08813ee6f8eb0faf83790bd4247c0a97af75a1cf", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1444", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9627
Vulnerability from cvelistv5
Published
2020-01-24 21:57
Modified
2024-08-06 13:47
Summary
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.
References
URL | Tags |
---|---|
http://openwall.com/lists/oss-security/2015/01/20/5 | x_refsource_MISC | |
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | x_refsource_MISC | |
https://www.videolan.org/security/sa1501.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T21:57:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9627", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "name": "https://www.videolan.org/security/sa1501.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sa1501.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9627", "datePublished": "2020-01-24T21:57:23", "dateReserved": "2015-01-20T00:00:00", "dateUpdated": "2024-08-06T13:47:41.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10699
Vulnerability from cvelistv5
Published
2017-06-30 13:00
Modified
2024-08-05 17:41
Summary
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038816 | vdb-entry, x_refsource_SECTRACK | |
https://www.debian.org/security/2017/dsa-4045 | vendor-advisory, x_refsource_DEBIAN | |
https://trac.videolan.org/vlc/ticket/18467 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038816", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038816" }, { "name": "DSA-4045", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4045" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/18467" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-22T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1038816", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038816" }, { "name": "DSA-4045", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4045" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.videolan.org/vlc/ticket/18467" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1038816", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038816" }, { "name": "DSA-4045", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4045" }, { "name": "https://trac.videolan.org/vlc/ticket/18467", "refsource": "CONFIRM", "url": "https://trac.videolan.org/vlc/ticket/18467" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10699", "datePublished": "2017-06-30T13:00:00", "dateReserved": "2017-06-30T00:00:00", "dateUpdated": "2024-08-05T17:41:55.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9743
Vulnerability from cvelistv5
Published
2015-08-17 15:00
Modified
2024-09-16 18:28
Summary
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
References
URL | Tags |
---|---|
http://seclists.org/fulldisclosure/2014/Mar/324 | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/bid/66307 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b | x_refsource_CONFIRM | |
http://www.quantumleap.it/vlc-reflected-xss-vulnerability/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:55:04.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20140318 [Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/324" }, { "name": "66307", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66307" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-08-17T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20140318 [Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/324" }, { "name": "66307", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66307" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9743", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20140318 [Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Mar/324" }, { "name": "66307", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66307" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" }, { "name": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/", "refsource": "MISC", "url": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9743", "datePublished": "2015-08-17T15:00:00Z", "dateReserved": "2015-08-17T00:00:00Z", "dateUpdated": "2024-09-16T18:28:29.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13615
Vulnerability from cvelistv5
Published
2019-07-16 16:06
Modified
2024-08-04 23:57
Summary
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
References
URL | Tags |
---|---|
https://trac.videolan.org/vlc/ticket/22474 | x_refsource_MISC | |
http://www.securityfocus.com/bid/109304 | vdb-entry, x_refsource_BID | |
https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0 | x_refsource_MISC | |
https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6 | x_refsource_MISC | |
https://usn.ubuntu.com/4073-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/22474" }, { "name": "109304", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109304" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6" }, { "name": "USN-4073-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4073-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-25T18:08:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://trac.videolan.org/vlc/ticket/22474" }, { "name": "109304", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109304" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6" }, { "name": "USN-4073-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4073-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13615", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://trac.videolan.org/vlc/ticket/22474", "refsource": "MISC", "url": "https://trac.videolan.org/vlc/ticket/22474" }, { "name": "109304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109304" }, { "name": "https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0", "refsource": "MISC", "url": "https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0" }, { "name": "https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6", "refsource": "MISC", "url": "https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6" }, { "name": "USN-4073-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4073-1/" }, { "name": "https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6", "refsource": "MISC", "url": "https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13615", "datePublished": "2019-07-16T16:06:34", "dateReserved": "2019-07-16T00:00:00", "dateUpdated": "2024-08-04T23:57:39.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5108
Vulnerability from cvelistv5
Published
2016-06-08 14:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
References
URL | Tags |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html | vendor-advisory, x_refsource_SUSE | |
http://www.securitytracker.com/id/1036009 | vdb-entry, x_refsource_SECTRACK | |
http://www.debian.org/security/2016/dsa-3598 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/90924 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201701-39 | vendor-advisory, x_refsource_GENTOO | |
http://www.videolan.org/security/sa1601.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:53:47.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:1651", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "name": "1036009", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036009" }, { "name": "DSA-3598", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3598" }, { "name": "90924", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/90924" }, { "name": "GLSA-201701-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1601.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2016:1651", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "name": "1036009", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036009" }, { "name": "DSA-3598", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3598" }, { "name": "90924", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/90924" }, { "name": "GLSA-201701-39", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1601.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:1651", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "name": "1036009", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036009" }, { "name": "DSA-3598", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3598" }, { "name": "90924", "refsource": "BID", "url": "http://www.securityfocus.com/bid/90924" }, { "name": "GLSA-201701-39", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-39" }, { "name": "http://www.videolan.org/security/sa1601.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1601.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5108", "datePublished": "2016-06-08T14:00:00", "dateReserved": "2016-05-27T00:00:00", "dateUpdated": "2024-08-06T00:53:47.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-5460
Vulnerability from cvelistv5
Published
2019-07-30 20:38
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
Double Free in VLC versions <= 3.0.6 leads to a crash.
References
URL | Tags |
---|---|
https://hackerone.com/reports/503208 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | vendor-advisory, x_refsource_SUSE |
Impacted products
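Vendor | Product | Version |
---|---|---|
n/a | VLC Media Player | Fixed in 3.0.7 |

Note: the record's version string names the fixed release even though the entry's status is "affected"; per the summary above, the affected versions are <= 3.0.6.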
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:54:53.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/503208" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC Media Player", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 3.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "Double Free (CWE-415)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T20:06:12", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/503208" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC Media Player", "version": { "version_data": [ { "version_value": "Fixed in 3.0.7" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Double Free (CWE-415)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/503208", "refsource": "MISC", "url": "https://hackerone.com/reports/503208" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5460", "datePublished": "2019-07-30T20:38:22", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25802
Vulnerability from cvelistv5
Published
2021-07-26 16:26
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
References
URL | Tags |
---|---|
https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:28.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-26T16:26:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72", "refsource": "MISC", "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25802", "datePublished": "2021-07-26T16:26:57", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:11:28.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14535
Vulnerability from cvelistv5
Published
2019-08-29 17:38
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
References
URL | Tags |
---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. 
As a result, an FPE can be triggered via a crafted WMV file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14535", "datePublished": "2019-08-29T17:38:30", "dateReserved": "2019-08-02T00:00:00", "dateUpdated": "2024-08-05T00:19:41.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9301
Vulnerability from cvelistv5
Published
2017-05-29 19:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/98746 | vdb-entry, x_refsource_BID | |
http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98746", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98746" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "98746", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98746" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9301", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service 
(invalid read and application crash) or possibly have unspecified other impact via a crafted file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "98746", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98746" }, { "name": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html", "refsource": "MISC", "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9301", "datePublished": "2017-05-29T19:00:00", "dateReserved": "2017-05-29T00:00:00", "dateUpdated": "2024-08-05T17:02:44.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25801
Vulnerability from cvelistv5
Published
2021-07-26 16:26
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
References
URL | Tags |
---|---|
https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:28.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-26T16:26:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25801", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2", "refsource": "MISC", "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25801", "datePublished": "2021-07-26T16:26:55", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:11:28.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9628
Vulnerability from cvelistv5
Published
2020-01-24 21:57
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
References
URL | Tags |
---|---|
http://openwall.com/lists/oss-security/2015/01/20/5 | x_refsource_MISC | |
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | x_refsource_MISC | |
https://www.videolan.org/security/sa1501.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T21:57:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9628", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "name": "https://www.videolan.org/security/sa1501.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sa1501.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9628", "datePublished": "2020-01-24T21:57:20", "dateReserved": "2015-01-20T00:00:00", "dateUpdated": "2024-08-06T13:47:41.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14534
Vulnerability from cvelistv5
Published
2019-08-29 18:41
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
References
URL | Tags |
---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14534", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to 
a denial of service attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14534", "datePublished": "2019-08-29T18:41:33", "dateReserved": "2019-08-02T00:00:00", "dateUpdated": "2024-08-05T00:19:41.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5855
Vulnerability from cvelistv5
Published
2013-07-10 19:00
Modified
2024-08-06 21:21
Summary
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/524626 | mailing-list, x_refsource_BUGTRAQ |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781 | vdb-entry, signature, x_refsource_OVAL |
| http://marc.info/?l=oss-security&m=135274330022215&w=2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:27.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20121105 VideoLAN VLC Media Player \u003c= 2.0.4 Crash Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/524626" }, { "name": "oval:org.mitre.oval:def:16781", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781" }, { "name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20121105 VideoLAN VLC Media Player \u003c= 2.0.4 Crash Bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/524626" }, { "name": "oval:org.mitre.oval:def:16781", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781" }, { "name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20121105 VideoLAN VLC Media Player \u003c= 2.0.4 Crash Bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/524626" }, { "name": "oval:org.mitre.oval:def:16781", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781" }, { "name": "[oss-security] 20121112 VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5855", "datePublished": "2013-07-10T19:00:00", "dateReserved": "2012-11-12T00:00:00", "dateUpdated": "2024-08-06T21:21:27.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0531
Vulnerability from cvelistv5
Published
2011-02-07 20:19
Modified
2024-08-06 21:58
Summary
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70698", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70698" }, { "name": "ADV-2011-0363", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0363" }, { "name": "43242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43242" }, { "name": "oval:org.mitre.oval:def:12415", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415" }, { "name": "DSA-2159", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2159" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1102.html" }, { "name": "vlc-mkv-code-execution(65045)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65045" }, { "name": "43131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43131" }, { "name": "[oss-security] 20110131 CVE request: code execution in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/4" }, { "name": "1025018", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025018" }, { "name": "46060", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46060" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07" }, { "name": "[oss-security] 20110131 Re: CVE request: code execution in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to \"class mismatching\" and the MKV_IS_ID macro." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "70698", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70698" }, { "name": "ADV-2011-0363", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0363" }, { "name": "43242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43242" }, { "name": "oval:org.mitre.oval:def:12415", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415" }, { "name": "DSA-2159", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2159" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1102.html" }, { "name": "vlc-mkv-code-execution(65045)", "tags": [ "vdb-entry", 
"x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65045" }, { "name": "43131", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43131" }, { "name": "[oss-security] 20110131 CVE request: code execution in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/4" }, { "name": "1025018", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025018" }, { "name": "46060", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46060" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07" }, { "name": "[oss-security] 20110131 Re: CVE request: code execution in VLC media player", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-0531", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to \"class mismatching\" and the MKV_IS_ID macro." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70698", "refsource": "OSVDB", "url": "http://osvdb.org/70698" }, { "name": "ADV-2011-0363", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0363" }, { "name": "43242", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43242" }, { "name": "oval:org.mitre.oval:def:12415", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415" }, { "name": "DSA-2159", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2159" }, { "name": "http://www.videolan.org/security/sa1102.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1102.html" }, { "name": "vlc-mkv-code-execution(65045)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65045" }, { "name": "43131", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43131" }, { "name": "[oss-security] 20110131 CVE request: code execution in VLC media player", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/31/4" }, { "name": "1025018", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025018" }, { "name": "46060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46060" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=59491dcedffbf97612d2c572943b56ee4289dd07", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=59491dcedffbf97612d2c572943b56ee4289dd07" }, { "name": "[oss-security] 20110131 Re: CVE request: code execution in VLC media player", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/31/8" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0531", "datePublished": 
"2011-02-07T20:19:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9630
Vulnerability from cvelistv5
Published
2020-01-24 21:57
Modified
2024-08-06 13:47
Summary
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
References
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2015/01/20/5 | x_refsource_MISC |
| https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97 | x_refsource_MISC |
| https://www.videolan.org/security/sa1501.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T21:57:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9630", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "name": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97" }, { "name": "https://www.videolan.org/security/sa1501.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sa1501.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9630", "datePublished": "2020-01-24T21:57:14", "dateReserved": "2015-01-20T00:00:00", "dateUpdated": "2024-08-06T13:47:41.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1441
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-07 01:21
Summary
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
References
| URL | Tags |
|---|---|
| http://www.videolan.org/security/sa1003.html | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2010/04/28/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:19.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-1441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa1003.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1441", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2937
Vulnerability from cvelistv5
Published
2010-08-20 17:00
Modified
2024-08-07 02:46
Summary
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.
References
| URL | Tags |
|---|---|
| http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a | x_refsource_CONFIRM |
| http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516 | x_refsource_CONFIRM |
| http://www.videolan.org/security/sa1004.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/42386 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2010/2087 | vdb-entry, x_refsource_VUPEN |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:46:48.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1004.html" }, { "name": "42386", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/42386" }, { "name": "ADV-2010-2087", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2087" }, { "name": "oval:org.mitre.oval:def:14676", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1004.html" }, { "name": "42386", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/42386" }, { "name": "ADV-2010-2087", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2087" }, { "name": "oval:org.mitre.oval:def:14676", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2937", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-1.0.git;a=commit;h=22a22e356c9d93993086810b2e25b59b55925b3a" }, { "name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=24918843e57c7962e28fcb01845adce82bed6516" }, { "name": "http://www.videolan.org/security/sa1004.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1004.html" }, { "name": "42386", "refsource": "BID", "url": "http://www.securityfocus.com/bid/42386" }, { "name": "ADV-2010-2087", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2087" }, { "name": "oval:org.mitre.oval:def:14676", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2937", "datePublished": "2010-08-20T17:00:00", "dateReserved": "2010-08-04T00:00:00", "dateUpdated": "2024-08-07T02:46:48.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14970
Vulnerability from cvelistv5
Published
2019-08-29 18:55
Modified
2024-08-05 00:34
Summary
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:34:52.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow 
via a crafted .mkv file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14970", "datePublished": "2019-08-29T18:55:11", "dateReserved": "2019-08-12T00:00:00", "dateUpdated": "2024-08-05T00:34:52.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0984
Vulnerability from cvelistv5
Published
2008-02-26 19:00
Modified
2024-08-07 08:01
Summary
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:01:40.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29122" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "29153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29153" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0802.html" }, { "name": "28007", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28007" }, { "name": "1019510", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019510" }, { "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" }, { "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/488841/100/0/threaded" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "name": "ADV-2008-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0682" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"http://www.coresecurity.com/?action=item\u0026id=2147" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29122", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29122" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "29153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29153" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0802.html" }, { "name": "28007", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28007" }, { "name": "1019510", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019510" }, { "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": 
"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" }, { "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/488841/100/0/threaded" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "ADV-2008-0682", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0682" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2147" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0984", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29122" }, { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "29153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29153" }, { "name": "http://www.videolan.org/security/sa0802.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0802.html" }, { "name": "28007", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28007" }, { "name": "1019510", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019510" }, { "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" }, { "name": "20080227 CORE-2008-0130: VLC media player chunk context validation error", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488841/100/0/threaded" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "ADV-2008-0682", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0682" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2147", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2147" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0984", "datePublished": "2008-02-26T19:00:00", "dateReserved": "2008-02-26T00:00:00", "dateUpdated": "2024-08-07T08:01:40.120Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14778
Vulnerability from cvelistv5
Published
2019-08-29 18:47
Modified
2024-08-05 00:26
Summary
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:38.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14778", "datePublished": "2019-08-29T18:47:41", "dateReserved": "2019-08-08T00:00:00", "dateUpdated": "2024-08-05T00:26:38.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14437
Vulnerability from cvelistv5
Published
2019-08-29 17:30
Modified
2024-08-05 00:19
Summary
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. 
As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14437", "datePublished": "2019-08-29T17:30:37", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47359
Vulnerability from cvelistv5
Published
2023-11-07 00:00
Modified
2024-08-02 21:09
Summary
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:36.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "name": "[debian-lts-announce] 20231130 [SECURITY] [DLA 3679-1] vlc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-01T01:06:17.518426", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "name": "[debian-lts-announce] 20231130 [SECURITY] [DLA 3679-1] vlc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47359", "datePublished": "2023-11-07T00:00:00", "dateReserved": "2023-11-06T00:00:00", "dateUpdated": "2024-08-02T21:09:36.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4558
Vulnerability from cvelistv5
Published
2008-10-14 23:00
Modified
2024-08-07 10:17
Summary
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/31758 | vdb-entry, x_refsource_BID |
| http://www.exploit-db.com/exploits/6756 | exploit, x_refsource_EXPLOIT-DB |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726 | vdb-entry, signature, x_refsource_OVAL |
| http://www.coresecurity.com/content/vlc-xspf-memory-corruption | x_refsource_MISC |
| http://secunia.com/advisories/32267 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2826 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45869 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/497354/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:17:09.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31758", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31758" }, { "name": "6756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/6756" }, { "name": "oval:org.mitre.oval:def:14726", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/vlc-xspf-memory-corruption" }, { "name": "32267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32267" }, { "name": "ADV-2008-2826", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2826" }, { "name": "vlc-parsetracknode-code-execution(45869)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45869" }, { "name": "20081014 CORE-2008-1010: VLC media player XSPF Memory Corruption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497354/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31758", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31758" }, { "name": "6756", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/6756" }, { "name": "oval:org.mitre.oval:def:14726", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/vlc-xspf-memory-corruption" }, { "name": "32267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32267" }, { "name": "ADV-2008-2826", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2826" }, { "name": "vlc-parsetracknode-code-execution(45869)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45869" }, { "name": "20081014 CORE-2008-1010: VLC media player XSPF Memory Corruption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497354/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute 
arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31758", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31758" }, { "name": "6756", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/6756" }, { "name": "oval:org.mitre.oval:def:14726", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726" }, { "name": "http://www.coresecurity.com/content/vlc-xspf-memory-corruption", "refsource": "MISC", "url": "http://www.coresecurity.com/content/vlc-xspf-memory-corruption" }, { "name": "32267", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32267" }, { "name": "ADV-2008-2826", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2826" }, { "name": "vlc-parsetracknode-code-execution(45869)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45869" }, { "name": "20081014 CORE-2008-1010: VLC media player XSPF Memory Corruption", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497354/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4558", "datePublished": "2008-10-14T23:00:00", "dateReserved": "2008-10-14T00:00:00", "dateUpdated": "2024-08-07T10:17:09.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13962
Vulnerability from cvelistv5
Published
2019-07-18 19:58
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/22240" }, { "name": "109306", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109306" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": 
"openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509" }, { "tags": [ "x_refsource_MISC" ], "url": "https://trac.videolan.org/vlc/ticket/22240" }, { "name": "109306", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109306" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13962", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509", "refsource": "MISC", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509" }, { "name": "https://trac.videolan.org/vlc/ticket/22240", "refsource": "MISC", "url": "https://trac.videolan.org/vlc/ticket/22240" }, { "name": "109306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109306" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2019-13962", "datePublished": "2019-07-18T19:58:30", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9300
Vulnerability from cvelistv5
Published
2017-05-29 19:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98747 | vdb-entry, x_refsource_BID |
| https://www.debian.org/security/2017/dsa-4045 | vendor-advisory, x_refsource_DEBIAN |
| http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98747", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98747" }, { "name": "DSA-4045", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4045" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-22T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "98747", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98747" }, { "name": "DSA-4045", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4045" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9300", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "98747", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98747" }, { "name": "DSA-4045", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4045" }, { "name": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html", "refsource": "MISC", "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9300", "datePublished": "2017-05-29T19:00:00", "dateReserved": "2017-05-29T00:00:00", "dateUpdated": "2024-08-05T17:02:44.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2587
Vulnerability from cvelistv5
Published
2011-07-27 01:29
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
References
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14851 | vdb-entry, signature, x_refsource_OVAL |
| http://secunia.com/advisories/45066 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/48664 | vdb-entry, x_refsource_BID |
| http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=1bce40644cddee93b4b1877a94a6ce345f32852c | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68531 | vdb-entry, x_refsource_XF |
| http://www.videolan.org/security/sa1105.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14851", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14851" }, { "name": "45066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45066" }, { "name": "48664", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48664" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=1bce40644cddee93b4b1877a94a6ce345f32852c" }, { "name": "vlcmediaplayer-rm-bo(68531)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68531" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1105.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "oval:org.mitre.oval:def:14851", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14851" }, { "name": "45066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45066" }, { "name": "48664", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48664" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=1bce40644cddee93b4b1877a94a6ce345f32852c" }, { "name": "vlcmediaplayer-rm-bo(68531)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68531" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1105.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2011-2587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14851", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14851" }, { "name": "45066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45066" }, { "name": "48664", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48664" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=1bce40644cddee93b4b1877a94a6ce345f32852c", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=1bce40644cddee93b4b1877a94a6ce345f32852c" }, { "name": "vlcmediaplayer-rm-bo(68531)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68531" }, { "name": "http://www.videolan.org/security/sa1105.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1105.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2011-2587", "datePublished": "2011-07-27T01:29:00", "dateReserved": "2011-06-29T00:00:00", "dateUpdated": "2024-08-06T23:08:23.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2062
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-07 02:17
Severity ?
EPSS score ?
Summary
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
References
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2009/Jul/418 | mailing-list, x_refsource_FULLDISC |
| https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/ | x_refsource_MISC |
| http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2010/06/04/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:17:13.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2009/Jul/418" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca" }, { "name": "[oss-security] 20100604 Re: CVE requests for mplayer/vlc and abcm2ps", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/06/04/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2009/Jul/418" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca" }, { "name": "[oss-security] 20100604 Re: CVE requests for mplayer/vlc and abcm2ps", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/06/04/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2062", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20090727 [DZC-2009-001] The Movie Player and VLC Media Player Real Data Transport parsing integer underflow.", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2009/Jul/418" }, { "name": "https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/", "refsource": "MISC", "url": "https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=dc74600c97eb834c08674676e209afa842053aca", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=dc74600c97eb834c08674676e209afa842053aca" }, { "name": "[oss-security] 20100604 Re: CVE requests for mplayer/vlc and abcm2ps", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/06/04/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2062", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2010-05-25T00:00:00", "dateUpdated": "2024-08-07T02:17:13.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1954
Vulnerability from cvelistv5
Published
2013-07-10 19:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=oss-security&m=136593191416152&w=2 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/59793 | third-party-advisory, x_refsource_SECUNIA |
| http://marc.info/?l=oss-security&m=136610343501731&w=2 | mailing-list, x_refsource_MLIST |
| http://trac.videolan.org/vlc/ticket/8024 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/57333 | vdb-entry, x_refsource_BID |
| http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e | x_refsource_CONFIRM |
| http://www.osvdb.org/89598 | vdb-entry, x_refsource_OSVDB |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023 | vdb-entry, signature, x_refsource_OVAL |
| http://www.videolan.org/security/sa1302.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20130414 CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=136593191416152\u0026w=2" }, { "name": "59793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59793" }, { "name": "[oss-security] 20130416 Re: CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=136610343501731\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.videolan.org/vlc/ticket/8024" }, { "name": "57333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57333" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e" }, { "name": "89598", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/89598" }, { "name": "oval:org.mitre.oval:def:17023", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1302.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to 
cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20130414 CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=136593191416152\u0026w=2" }, { "name": "59793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59793" }, { "name": "[oss-security] 20130416 Re: CVE Request: VLC Buffer Overflow in ASF Demuxer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=136610343501731\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.videolan.org/vlc/ticket/8024" }, { "name": "57333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57333" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e" }, { "name": "89598", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/89598" }, { "name": "oval:org.mitre.oval:def:17023", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1302.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": 
"n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20130414 CVE Request: VLC Buffer Overflow in ASF Demuxer", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=136593191416152\u0026w=2" }, { "name": "59793", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59793" }, { "name": "[oss-security] 20130416 Re: CVE Request: VLC Buffer Overflow in ASF Demuxer", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=136610343501731\u0026w=2" }, { "name": "http://trac.videolan.org/vlc/ticket/8024", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/ticket/8024" }, { "name": "57333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57333" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=b31ce523331aa3a6e620b68cdfe3f161d519631e", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=b31ce523331aa3a6e620b68cdfe3f161d519631e" }, { "name": "89598", "refsource": "OSVDB", "url": "http://www.osvdb.org/89598" }, { "name": "oval:org.mitre.oval:def:17023", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023" }, { "name": "http://www.videolan.org/security/sa1302.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1302.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1954", 
"datePublished": "2013-07-10T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9625
Vulnerability from cvelistv5
Published
2020-01-24 21:57
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14 | x_refsource_MISC | |
http://openwall.com/lists/oss-security/2015/01/20/5 | x_refsource_MISC | |
https://www.videolan.org/security/sa1501.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an \"integer truncation\" vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T21:57:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an \"integer truncation\" vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14" }, { "name": "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "name": "https://www.videolan.org/security/sa1501.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sa1501.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9625", "datePublished": "2020-01-24T21:57:29", "dateReserved": "2015-01-20T00:00:00", "dateUpdated": "2024-08-06T13:47:41.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-5439
Vulnerability from cvelistv5
Published
2019-06-13 15:38
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
References
▼ | URL | Tags |
---|---|---|
https://hackerone.com/reports/484398 | x_refsource_MISC | |
http://www.securityfocus.com/bid/108769 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/4074-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/201908-23 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | vendor-advisory, x_refsource_SUSE |
Impacted products
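Vendor | Product | Version |
---|---|---|
n/a | VLC Media Player | Fixed in 3.0.7 |

Note: the record stores the literal string "Fixed in 3.0.7" in its version field with status "affected"; per the summary above, the affected releases are those before 3.0.7.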
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:54:53.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/484398" }, { "name": "108769", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108769" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "GLSA-201908-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-23" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC Media Player", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 3.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Classic Buffer Overflow (CWE-120)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T20:06:12", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/484398" }, { "name": "108769", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108769" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "GLSA-201908-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-23" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC Media Player", "version": { "version_data": [ { "version_value": "Fixed in 3.0.7" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash 
which can possibly be further developed into a remote code execution exploit." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Classic Buffer Overflow (CWE-120)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/484398", "refsource": "MISC", "url": "https://hackerone.com/reports/484398" }, { "name": "108769", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108769" }, { "name": "USN-4074-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "GLSA-201908-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-23" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5439", "datePublished": "2019-06-13T15:38:36", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2484
Vulnerability from cvelistv5
Published
2009-07-16 16:00
Modified
2024-08-07 05:52
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2009/1714 | vdb-entry, x_refsource_VUPEN | |
http://www.exploit-db.com/exploits/9029 | exploit, x_refsource_EXPLOIT-DB | |
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/35558 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/35500 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:52:14.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-1714", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1714" }, { "name": "9029", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9029" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f" }, { "name": "oval:org.mitre.oval:def:14800", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800" }, { "name": "35558", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35558" }, { "name": "35500", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35500" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-1714", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1714" }, { "name": "9029", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9029" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f" }, { "name": "oval:org.mitre.oval:def:14800", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800" }, { "name": "35558", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35558" }, { "name": "35500", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35500" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2484", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-1714", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1714" }, { "name": "9029", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9029" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f" }, { "name": "oval:org.mitre.oval:def:14800", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800" }, { "name": "35558", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35558" }, { "name": "35500", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35500" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2484", "datePublished": "2009-07-16T16:00:00", "dateReserved": "2009-07-16T00:00:00", "dateUpdated": "2024-08-07T05:52:14.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0023
Vulnerability from cvelistv5
Published
2012-10-30 19:00
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/10/29/5 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/71916 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/77975 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/51231 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/47325 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2012/10/30/9 | mailing-list, x_refsource_MLIST | |
http://www.videolan.org/security/sa1108.html | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893 | vdb-entry, signature, x_refsource_OVAL | |
http://securitytracker.com/id?1026449 | vdb-entry, x_refsource_SECTRACK | |
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:17.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20121029 VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/29/5" }, { "name": "vlcmediaplayer-getchunkheader-code-exec(71916)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71916" }, { "name": "77975", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/77975" }, { "name": "51231", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51231" }, { "name": "47325", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47325" }, { "name": "[oss-security] 20121030 RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/30/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1108.html" }, { "name": "oval:org.mitre.oval:def:15893", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893" }, { "name": "1026449", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1026449" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { 
"status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-29T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20121029 VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/29/5" }, { "name": "vlcmediaplayer-getchunkheader-code-exec(71916)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71916" }, { "name": "77975", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/77975" }, { "name": "51231", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51231" }, { "name": "47325", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47325" }, { "name": "[oss-security] 20121030 RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/30/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1108.html" }, { "name": "oval:org.mitre.oval:def:15893", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893" }, { "name": "1026449", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": 
"http://securitytracker.com/id?1026449" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0023", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20121029 VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/29/5" }, { "name": "vlcmediaplayer-getchunkheader-code-exec(71916)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71916" }, { "name": "77975", "refsource": "OSVDB", "url": "http://www.osvdb.org/77975" }, { "name": "51231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51231" }, { "name": "47325", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47325" }, { "name": "[oss-security] 20121030 RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/30/9" }, { "name": "http://www.videolan.org/security/sa1108.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1108.html" }, { "name": 
"oval:org.mitre.oval:def:15893", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893" }, { "name": "1026449", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1026449" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0023", "datePublished": "2012-10-30T19:00:00", "dateReserved": "2011-12-07T00:00:00", "dateUpdated": "2024-08-06T18:09:17.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4654
Vulnerability from cvelistv5
Published
2008-10-21 22:00
Modified
2024-08-07 10:24
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-2856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2856" }, { "name": "oval:org.mitre.oval:def:14803", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033" }, { "name": "32339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32339" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2008-010.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133" }, { "name": "[oss-security] 20081019 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "name": "31813", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31813" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0809.html" }, { "name": "4460", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4460" }, { "name": "vlcmediaplayer-ty-bo(45960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45960" }, { "name": "20081020 [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability", "tags": [ 
"mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497587/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-2856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2856" }, { "name": "oval:org.mitre.oval:def:14803", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033" }, { "name": "32339", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32339" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2008-010.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133" }, { "name": "[oss-security] 20081019 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "name": "31813", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31813" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0809.html" }, { "name": "4460", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4460" }, { "name": "vlcmediaplayer-ty-bo(45960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45960" }, { "name": "20081020 [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497587/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4654", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-2856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2856" }, { "name": "oval:org.mitre.oval:def:14803", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=fde9e1cc1fe1ec9635169fa071e42b3aa6436033", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=fde9e1cc1fe1ec9635169fa071e42b3aa6436033" }, { "name": "32339", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32339" }, { "name": "http://www.trapkit.de/advisories/TKADV2008-010.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2008-010.txt" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133" }, { "name": "[oss-security] 20081019 CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "name": "31813", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31813" }, { "name": "http://www.videolan.org/security/sa0809.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0809.html" }, { "name": "4460", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4460" }, { "name": "vlcmediaplayer-ty-bo(45960)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45960" }, { "name": "20081020 [TKADV2008-010] VLC media player TiVo ty Processing Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497587/100/0/threaded" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726", 
"refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4654", "datePublished": "2008-10-21T22:00:00", "dateReserved": "2008-10-21T00:00:00", "dateUpdated": "2024-08-07T10:24:20.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13602
Vulnerability from cvelistv5
Published
2019-07-14 21:00
Modified
2024-08-04 23:57
Summary
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938" }, { "name": "109158", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109158" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"https://security.gentoo.org/glsa/201909-02" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938" }, { "name": "109158", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109158" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491", "refsource": "MISC", "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491" }, { "name": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938", "refsource": "MISC", "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938" }, { "name": "109158", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109158" }, { "name": "USN-4074-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13602", "datePublished": "2019-07-14T21:00:27", "dateReserved": "2019-07-14T00:00:00", "dateUpdated": "2024-08-04T23:57:39.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3794
Vulnerability from cvelistv5
Published
2008-08-26 15:00
Modified
2024-08-07 09:53
Summary
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
References
URL | Tags |
---|---|
http://www.orange-bat.com/adv/2008/adv.08.24.txt | x_refsource_MISC | |
http://www.securityfocus.com/bid/30806 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531 | vdb-entry, signature, x_refsource_OVAL | |
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html | mailing-list, x_refsource_MLIST | |
https://www.exploit-db.com/exploits/6293 | exploit, x_refsource_EXPLOIT-DB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44659 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1020759 | vdb-entry, x_refsource_SECTRACK | |
http://securityreason.com/securityalert/4190 | third-party-advisory, x_refsource_SREASON | |
http://www.openwall.com/lists/oss-security/2008/08/24/3 | mailing-list, x_refsource_MLIST | |
http://security.gentoo.org/glsa/glsa-200809-06.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:53:00.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt" }, { "name": "30806", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30806" }, { "name": "oval:org.mitre.oval:def:14531", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" }, { "name": "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( R\u00e9mi Denis-Courmont )", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" }, { "name": "6293", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6293" }, { "name": "vlcmediaplayer-memmove-bo(44659)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" }, { "name": "1020759", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020759" }, { "name": "4190", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4190" }, { "name": "[oss-security] 20080824 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/08/24/3" }, { "name": "GLSA-200809-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ 
{ "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt" }, { "name": "30806", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30806" }, { "name": "oval:org.mitre.oval:def:14531", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" }, { "name": "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( R\u00e9mi Denis-Courmont )", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" }, { "name": "6293", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6293" }, { "name": "vlcmediaplayer-memmove-bo(44659)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" }, { "name": "1020759", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020759" }, { "name": "4190", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4190" }, { "name": "[oss-security] 20080824 Re: CVE id request: vlc", "tags": [ 
"mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/08/24/3" }, { "name": "GLSA-200809-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.orange-bat.com/adv/2008/adv.08.24.txt", "refsource": "MISC", "url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt" }, { "name": "30806", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30806" }, { "name": "oval:org.mitre.oval:def:14531", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" }, { "name": "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( R\u00e9mi Denis-Courmont )", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" }, { "name": "6293", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6293" }, { "name": "vlcmediaplayer-memmove-bo(44659)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" }, { "name": "1020759", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020759" }, { "name": "4190", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4190" }, { "name": "[oss-security] 20080824 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/08/24/3" }, { "name": "GLSA-200809-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3794", "datePublished": "2008-08-26T15:00:00", "dateReserved": "2008-08-26T00:00:00", "dateUpdated": "2024-08-07T09:53:00.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3565
Vulnerability from cvelistv5
Published
2020-01-31 21:39
Modified
2024-08-06 16:14
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
References
URL | Tags |
---|---|
http://www.videolan.org/developers/vlc-branch/NEWS | x_refsource_MISC | |
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt | x_refsource_MISC | |
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-31T21:39:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/developers/vlc-branch/NEWS", "refsource": "MISC", "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt", "refsource": "MISC", "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" }, { "name": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881", "refsource": "MISC", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881" }, { "name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3565", "datePublished": "2020-01-31T21:39:19", "dateReserved": "2013-05-21T00:00:00", "dateUpdated": "2024-08-06T16:14:56.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-4686
Vulnerability from cvelistv5
Published
2008-10-22 17:00
Modified
2024-08-07 10:24
Summary
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
References
URL | Tags |
---|---|
http://www.openwall.com/lists/oss-security/2008/10/22/6 | mailing-list, x_refsource_MLIST | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630 | vdb-entry, signature, x_refsource_OVAL | |
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2008/10/19/2 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/31867 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:24:20.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20081022 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/22/6" }, { "name": "oval:org.mitre.oval:def:14630", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3" }, { "name": "[oss-security] 20081019 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "name": "31867", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31867" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20081022 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/22/6" }, { "name": "oval:org.mitre.oval:def:14630", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3" }, { "name": "[oss-security] 20081019 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "name": "31867", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31867" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20081022 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/22/6" }, { "name": "oval:org.mitre.oval:def:14630", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3" }, { "name": "[oss-security] 20081019 CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "name": "31867", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31867" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4686", "datePublished": "2008-10-22T17:00:00", "dateReserved": "2008-10-22T00:00:00", "dateUpdated": "2024-08-07T10:24:20.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19857
Vulnerability from cvelistv5
Published
2018-12-05 11:00
Modified
2024-08-05 11:44
Summary
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/106130 | vdb-entry, x_refsource_BID | |
https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0 | x_refsource_MISC | |
https://dyntopia.com/advisories/013-vlc | x_refsource_MISC | |
https://www.debian.org/security/2019/dsa-4366 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/4074-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:44:20.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106130", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106130" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dyntopia.com/advisories/013-vlc" }, { "name": "DSA-4366", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4366" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing 
magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T20:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "106130", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106130" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dyntopia.com/advisories/013-vlc" }, { "name": "DSA-4366", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4366" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "106130", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106130" }, { "name": "https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0", "refsource": "MISC", "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0" }, { "name": "https://dyntopia.com/advisories/013-vlc", "refsource": "MISC", "url": "https://dyntopia.com/advisories/013-vlc" }, { "name": "DSA-4366", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4366" }, { "name": "USN-4074-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": 
"mitre", "cveId": "CVE-2018-19857", "datePublished": "2018-12-05T11:00:00", "dateReserved": "2018-12-05T00:00:00", "dateUpdated": "2024-08-05T11:44:20.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7340
Vulnerability from cvelistv5
Published
2014-03-20 19:00
Modified
2024-09-16 22:20
Severity ?
EPSS score ?
Summary
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
References
URL | Tags | |
---|---|---|
http://www.videolan.org/developers/vlc-branch/NEWS | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-03-20T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7340", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/developers/vlc-branch/NEWS", "refsource": "CONFIRM", "url": "http://www.videolan.org/developers/vlc-branch/NEWS" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7340", "datePublished": "2014-03-20T19:00:00Z", "dateReserved": "2014-03-20T00:00:00Z", "dateUpdated": "2024-09-16T22:20:05.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1445
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
References
URL | Tags | |
---|---|---|
http://www.videolan.org/security/sa1003.html | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2010/04/28/4 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:19.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-1445", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer 
overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa1003.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1445", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4388
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/59793 | third-party-advisory, x_refsource_SECUNIA | |
http://www.videolan.org/developers/vlc-branch/NEWS | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/62724 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2013/10/01/2 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1029120 | vdb-entry, x_refsource_SECTRACK | |
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:13.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:18086", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" }, { "name": "59793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59793" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "62724", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62724" }, { "name": "[oss-security] 20130930 Re: CVE request: VLC", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2" }, { "name": "1029120", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:18086", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" }, { "name": "59793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59793" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "62724", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/62724" }, { "name": "[oss-security] 20130930 Re: CVE request: VLC", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2" }, { "name": "1029120", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:18086", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" }, { "name": "59793", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59793" }, { "name": "http://www.videolan.org/developers/vlc-branch/NEWS", "refsource": "CONFIRM", "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "62724", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62724" }, { "name": "[oss-security] 20130930 Re: CVE request: VLC", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2" }, { "name": "1029120", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029120" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4388", "datePublished": "2013-10-11T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:13.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-25804
Vulnerability from cvelistv5
Published
2021-07-26 16:26
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application.
References
URL | Tags | |
---|---|---|
https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:28.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL-pointer dereference in \"Open\" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-26T16:26:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A NULL-pointer dereference in \"Open\" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c", "refsource": "MISC", "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25804", "datePublished": "2021-07-26T16:26:59", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2024-08-03T20:11:28.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5036
Vulnerability from cvelistv5
Published
2008-11-10 22:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:40:17.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20081105 VideoLAN security advisory 0810", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447" }, { "name": "20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0810.html" }, { "name": "7051", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/7051" }, { "name": "vlcmediaplayer-realtext-bo(46376)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt" }, { "name": "[oss-security] 20081105 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "name": "[oss-security] 20081110 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "name": "32569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32569" }, { "name": "33315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33315" 
}, { "name": "oval:org.mitre.oval:def:14329", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329" }, { "name": "32125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32125" }, { "name": "GLSA-200812-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20081105 VideoLAN security advisory 0810", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447" }, { "name": "20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0810.html" }, { "name": "7051", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/7051" }, { "name": "vlcmediaplayer-realtext-bo(46376)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt" }, { "name": "[oss-security] 20081105 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "name": "[oss-security] 20081110 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "name": "32569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32569" }, { "name": "33315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33315" }, { "name": "oval:org.mitre.oval:def:14329", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329" }, { "name": "32125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32125" }, { "name": "GLSA-200812-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5036", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20081105 VideoLAN security advisory 0810", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447" }, { "name": "20081106 [TKADV2008-011] VLC media player RealText Processing Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded" }, { "name": "http://www.videolan.org/security/sa0810.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0810.html" }, { "name": "7051", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7051" }, { "name": "vlcmediaplayer-realtext-bo(46376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376" }, { "name": "http://www.trapkit.de/advisories/TKADV2008-011.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt" }, { "name": "[oss-security] 20081105 CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "name": "[oss-security] 20081110 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "name": "32569", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32569" }, { "name": "33315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33315" }, { "name": "oval:org.mitre.oval:def:14329", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329" }, { "name": "32125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32125" }, { 
"name": "GLSA-200812-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5036", "datePublished": "2008-11-10T22:00:00", "dateReserved": "2008-11-10T00:00:00", "dateUpdated": "2024-08-07T10:40:17.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19721
Vulnerability from cvelistv5
Published
2020-05-15 17:28
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
References
URL | Tags | |
---|---|---|
https://www.videolan.org/security/ | x_refsource_MISC | |
http://hg.libsdl.org/SDL_image/ | x_refsource_MISC | |
https://bugs.gentoo.org/721940 | x_refsource_MISC | |
https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:25:12.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.videolan.org/security/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://hg.libsdl.org/SDL_image/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/721940" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-15T17:28:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.videolan.org/security/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://hg.libsdl.org/SDL_image/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/721940" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19721", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.videolan.org/security/", "refsource": "MISC", "url": "https://www.videolan.org/security/" }, { "name": "http://hg.libsdl.org/SDL_image/", "refsource": "MISC", "url": "http://hg.libsdl.org/SDL_image/" }, { "name": "https://bugs.gentoo.org/721940", "refsource": "MISC", "url": "https://bugs.gentoo.org/721940" }, { "name": "https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b", "refsource": "MISC", "url": "https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19721", "datePublished": "2020-05-15T17:28:23", "dateReserved": "2019-12-11T00:00:00", "dateUpdated": "2024-08-05T02:25:12.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3564
Vulnerability from cvelistv5
Published
2020-02-06 21:49
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
The web interface in VideoLAN VLC media player before 2.0.7 has no access control, which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
References
▼ | URL | Tags |
---|---|---|
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the \u0027dir\u0027 command or issue other commands without authenticating." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-06T21:49:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3564", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the \u0027dir\u0027 command or issue other commands without authenticating." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt", "refsource": "MISC", "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3564", "datePublished": "2020-02-06T21:49:22", "dateReserved": "2013-05-21T00:00:00", "dateUpdated": "2024-08-06T16:14:56.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8311
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5, caused by skipping the NULL terminator in an input string, allows attackers to execute arbitrary code via a crafted subtitles file.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201707-10 | vendor-advisory, x_refsource_GENTOO | |
https://www.exploit-db.com/exploits/44514/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/98634 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3899 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "44514", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44514/" }, { "name": "98634", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98634" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "\u003c2.2.5" } ] } ], "datePublic": "2017-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to execute arbitrary code.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-26T09:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "44514", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44514/" }, { "name": "98634", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98634" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8311", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "\u003c2.2.5" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to execute arbitrary code." 
} ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "44514", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44514/" }, { "name": "98634", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98634" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8311", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:22.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8312
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Heap out-of-bounds read in ParseJSS in VideoLAN VLC, caused by a missing check of string length, allows attackers to read uninitialized heap data via a crafted subtitles file.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201707-10 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/98631 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3899 | vendor-advisory, x_refsource_DEBIAN | |
http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98631", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98631" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98631", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98631" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)." 
} ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98631", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98631" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8312", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:22.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26664
Vulnerability from cvelistv5
Published
2021-01-08 17:40
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
References
▼ | URL | Tags |
---|---|---|
http://vlc.com | x_refsource_MISC | |
http://videolan.com | x_refsource_MISC | |
https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt | x_refsource_MISC | |
https://www.debian.org/security/2021/dsa-4834 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/202101-37 | vendor-advisory, x_refsource_GENTOO | |
https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:56:05.012Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://vlc.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://videolan.com" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt" }, { "name": "DSA-4834", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4834" }, { "name": "GLSA-202101-37", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-37" }, { "name": "[debian-lts-announce] 20220610 [SECURITY] [DLA 3050-1] vlc security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-10T18:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://vlc.com" }, { "tags": [ "x_refsource_MISC" ], "url": "http://videolan.com" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt" }, { "name": "DSA-4834", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4834" }, { "name": "GLSA-202101-37", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202101-37" }, { "name": "[debian-lts-announce] 20220610 [SECURITY] [DLA 3050-1] vlc security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://vlc.com", "refsource": "MISC", "url": "http://vlc.com" }, { "name": "http://videolan.com", "refsource": "MISC", "url": "http://videolan.com" }, { "name": "https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt", "refsource": "MISC", "url": "https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt" }, { "name": "DSA-4834", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4834" }, { "name": "GLSA-202101-37", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-37" }, { "name": "[debian-lts-announce] 20220610 [SECURITY] [DLA 3050-1] vlc security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26664", "datePublished": "2021-01-08T17:40:41", "dateReserved": "2020-10-07T00:00:00", "dateUpdated": "2024-08-04T15:56:05.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3907
Vulnerability from cvelistv5
Published
2011-01-03 19:26
Modified
2024-08-07 03:26
Severity ?
EPSS score ?
Summary
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55 | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950 | vdb-entry, signature, x_refsource_OVAL | |
http://www.vupen.com/english/advisories/2010/3345 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/64461 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/45632 | vdb-entry, x_refsource_BID | |
http://www.videolan.org/security/sa1007.html | x_refsource_CONFIRM | |
http://www.cs.brown.edu/people/drosenbe/research.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:26:12.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55" }, { "name": "oval:org.mitre.oval:def:13950", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950" }, { "name": "ADV-2010-3345", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3345" }, { "name": "vlcmediaplayer-realdemuxer-code-exec(64461)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64461" }, { "name": "45632", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45632" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1007.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cs.brown.edu/people/drosenbe/research.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55" }, { "name": "oval:org.mitre.oval:def:13950", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950" }, { "name": "ADV-2010-3345", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3345" }, { "name": "vlcmediaplayer-realdemuxer-code-exec(64461)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64461" }, { "name": "45632", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45632" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1007.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cs.brown.edu/people/drosenbe/research.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2010-3907", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=6568965770f906d34d4aef83237842a5376adb55", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=6568965770f906d34d4aef83237842a5376adb55" }, { "name": "oval:org.mitre.oval:def:13950", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950" }, { "name": "ADV-2010-3345", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3345" }, { "name": "vlcmediaplayer-realdemuxer-code-exec(64461)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64461" }, { "name": "45632", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45632" }, { "name": "http://www.videolan.org/security/sa1007.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1007.html" }, { "name": "http://www.cs.brown.edu/people/drosenbe/research.html", "refsource": "MISC", "url": "http://www.cs.brown.edu/people/drosenbe/research.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2010-3907", "datePublished": "2011-01-03T19:26:00", "dateReserved": "2010-10-12T00:00:00", "dateUpdated": "2024-08-07T03:26:12.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3732
Vulnerability from cvelistv5
Published
2008-08-20 16:00
Modified
2024-08-07 09:53
Severity ?
EPSS score ?
Summary
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570 | vdb-entry, signature, x_refsource_OVAL | |
https://www.exploit-db.com/exploits/6252 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/30718 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/31512 | third-party-advisory, x_refsource_SECUNIA | |
http://www.orange-bat.com/adv/2008/adv.08.16.txt | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44510 | vdb-entry, x_refsource_XF | |
http://security.gentoo.org/glsa/glsa-200809-06.xml | vendor-advisory, x_refsource_GENTOO | |
http://securityreason.com/securityalert/4170 | third-party-advisory, x_refsource_SREASON | |
http://www.vupen.com/english/advisories/2008/2394 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:53:00.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14570", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570" }, { "name": "6252", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6252" }, { "name": "30718", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30718" }, { "name": "31512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31512" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.16.txt" }, { "name": "vlc-mediaplayer-open-bo(44510)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44510" }, { "name": "GLSA-200809-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "name": "4170", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4170" }, { "name": "ADV-2008-2394", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2394" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute 
arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14570", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570" }, { "name": "6252", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6252" }, { "name": "30718", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30718" }, { "name": "31512", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31512" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.16.txt" }, { "name": "vlc-mediaplayer-open-bo(44510)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44510" }, { "name": "GLSA-200809-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "name": "4170", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4170" }, { "name": "ADV-2008-2394", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2394" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14570", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570" }, { "name": "6252", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6252" }, { "name": "30718", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30718" }, { "name": "31512", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31512" }, { "name": "http://www.orange-bat.com/adv/2008/adv.08.16.txt", "refsource": "MISC", "url": "http://www.orange-bat.com/adv/2008/adv.08.16.txt" }, { "name": "vlc-mediaplayer-open-bo(44510)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44510" }, { "name": "GLSA-200809-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "name": "4170", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4170" }, { "name": "ADV-2008-2394", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2394" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3732", "datePublished": "2008-08-20T16:00:00", "dateReserved": "2008-08-20T00:00:00", "dateUpdated": "2024-08-07T09:53:00.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-12874
Vulnerability from cvelistv5
Published
2019-06-18 17:53
Modified
2024-08-04 23:32
Summary
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
References
URL | Tags |
---|---|
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102 | x_refsource_MISC | |
http://www.securityfocus.com/bid/108882 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/4074-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/201908-23 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:32:55.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102" }, { "name": "108882", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108882" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "GLSA-201908-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201908-23" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T20:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102" }, { "name": "108882", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108882" }, { "name": "USN-4074-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "GLSA-201908-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201908-23" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12874", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC 
media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102", "refsource": "MISC", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102" }, { "name": "108882", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108882" }, { "name": "USN-4074-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4074-1/" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "GLSA-201908-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-23" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12874", "datePublished": "2019-06-18T17:53:09", "dateReserved": "2019-06-18T00:00:00", "dateUpdated": "2024-08-04T23:32:55.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3275
Vulnerability from cvelistv5
Published
2011-03-28 16:00
Modified
2024-08-07 03:03
Summary
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1025250", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025250" }, { "name": "ADV-2011-0759", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "name": "43826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43826" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "name": "DSA-2211", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2211" }, { "name": "17048", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/17048" }, { "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "name": "71277", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71277" }, { "name": "vlcmediaplayer-amv-bo(66259)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" }, { "name": "oval:org.mitre.oval:def:14718", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" }, { "name": "8162", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8162" }, { "name": "47012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1025250", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025250" }, { "name": "ADV-2011-0759", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "name": "43826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43826" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "name": "DSA-2211", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2211" }, { "name": "17048", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": 
"http://www.exploit-db.com/exploits/17048" }, { "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "name": "71277", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71277" }, { "name": "vlcmediaplayer-amv-bo(66259)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" }, { "name": "oval:org.mitre.oval:def:14718", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" }, { "name": "8162", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8162" }, { "name": "47012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3275", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1025250", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025250" }, { "name": "ADV-2011-0759", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "name": 
"http://www.videolan.org/vlc/releases/1.1.8.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "name": "43826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43826" }, { "name": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv", "refsource": "MISC", "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" }, { "name": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files", "refsource": "MISC", "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "name": "DSA-2211", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2211" }, { "name": "17048", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/17048" }, { "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "name": "71277", "refsource": "OSVDB", "url": "http://www.osvdb.org/71277" }, { "name": "vlcmediaplayer-amv-bo(66259)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" }, { "name": "oval:org.mitre.oval:def:14718", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" }, { "name": "8162", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8162" }, { "name": "47012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3275", "datePublished": "2011-03-28T16:00:00", "dateReserved": "2010-09-09T00:00:00", "dateUpdated": "2024-08-07T03:03:18.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14776
Vulnerability from cvelistv5
Published
2019-08-29 18:45
Modified
2024-08-05 00:26
Summary
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
References
URL | Tags |
---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:38.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14776", "datePublished": "2019-08-29T18:45:48", "dateReserved": "2019-08-08T00:00:00", "dateUpdated": "2024-08-05T00:26:38.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11516
Vulnerability from cvelistv5
Published
2018-05-28 16:00
Modified
2024-08-05 08:10
Summary
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1041312 | vdb-entry, x_refsource_SECTRACK | |
http://code610.blogspot.com/2018/05/make-free-vlc.html | x_refsource_MISC | |
http://www.videolan.org/security/sa1801.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/104293 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:10:14.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041312", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041312" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code610.blogspot.com/2018/05/make-free-vlc.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1801.html" }, { "name": "104293", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-05-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-27T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1041312", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041312" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code610.blogspot.com/2018/05/make-free-vlc.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1801.html" }, { "name": "104293", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11516", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1041312", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041312" }, { "name": "http://code610.blogspot.com/2018/05/make-free-vlc.html", "refsource": "MISC", "url": "http://code610.blogspot.com/2018/05/make-free-vlc.html" }, { "name": "http://www.videolan.org/security/sa1801.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1801.html" }, { "name": "104293", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11516", "datePublished": "2018-05-28T16:00:00", "dateReserved": "2018-05-28T00:00:00", "dateUpdated": "2024-08-05T08:10:14.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5032
Vulnerability from cvelistv5
Published
2008-11-10 16:00
Modified
2024-08-07 10:40
Summary
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:40:17.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20081105 VideoLAN security advisory 0810", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "name": "vlcmediaplayer-cue-bo(46375)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46375" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0810.html" }, { "name": "20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498112/100/0/threaded" }, { "name": "[oss-security] 20081105 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "name": "[oss-security] 20081110 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=5f63f1562d43f32331006c2c1a61742de031b84d" }, { "name": "oval:org.mitre.oval:def:14798", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798" }, { "name": "32569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32569" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2008-012.txt" }, { "name": "33315", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33315" }, { "name": "32125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32125" }, { "name": "GLSA-200812-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20081105 VideoLAN security advisory 0810", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "name": "vlcmediaplayer-cue-bo(46375)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46375" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0810.html" }, { "name": "20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498112/100/0/threaded" }, { "name": "[oss-security] 20081105 CVE id request: vlc", "tags": [ "mailing-list", 
"x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "name": "[oss-security] 20081110 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=5f63f1562d43f32331006c2c1a61742de031b84d" }, { "name": "oval:org.mitre.oval:def:14798", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798" }, { "name": "32569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32569" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2008-012.txt" }, { "name": "33315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33315" }, { "name": "32125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32125" }, { "name": "GLSA-200812-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. 
NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20081105 VideoLAN security advisory 0810", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "name": "vlcmediaplayer-cue-bo(46375)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46375" }, { "name": "http://www.videolan.org/security/sa0810.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0810.html" }, { "name": "20081106 [TKADV2008-012] VLC media player cue Processing Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498112/100/0/threaded" }, { "name": "[oss-security] 20081105 CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "name": "[oss-security] 20081110 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d" }, { "name": "oval:org.mitre.oval:def:14798", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798" }, { "name": "32569", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32569" }, { "name": "http://www.trapkit.de/advisories/TKADV2008-012.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2008-012.txt" }, { "name": "33315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33315" }, { "name": "32125", "refsource": "BID", "url": 
"http://www.securityfocus.com/bid/32125" }, { "name": "GLSA-200812-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5032", "datePublished": "2008-11-10T16:00:00", "dateReserved": "2008-11-10T00:00:00", "dateUpdated": "2024-08-07T10:40:17.355Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9598
Vulnerability from cvelistv5
Published
2015-01-21 11:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
References
URL | Tags | |
---|---|---|
http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html | x_refsource_MISC | |
https://trac.videolan.org/vlc/ticket/13390 | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2015/Jan/72 | mailing-list, x_refsource_FULLDISC | |
https://security.gentoo.org/glsa/201603-08 | vendor-advisory, x_refsource_GENTOO | |
https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/13390" }, { "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://trac.videolan.org/vlc/ticket/13390" }, { "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "tags": [ "x_refsource_MISC" ], "url": "https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9598", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html", "refsource": "MISC", "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "name": "https://trac.videolan.org/vlc/ticket/13390", "refsource": "MISC", "url": "https://trac.videolan.org/vlc/ticket/13390" }, { "name": "20150116 VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "name": "GLSA-201603-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt", "refsource": "MISC", "url": "https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9598", "datePublished": "2015-01-21T11:00:00", "dateReserved": "2015-01-15T00:00:00", "dateUpdated": "2024-08-06T13:47:41.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6283
Vulnerability from cvelistv5
Published
2013-10-25 23:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
References
URL | Tags | |
---|---|---|
http://www.exploit-db.com/exploits/27700 | exploit, x_refsource_EXPLOIT-DB | |
http://www.osvdb.org/96603 | vdb-entry, x_refsource_OSVDB | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27700", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/27700" }, { "name": "96603", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/96603" }, { "name": "oval:org.mitre.oval:def:19318", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27700", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/27700" }, { "name": "96603", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/96603" }, { "name": "oval:org.mitre.oval:def:19318", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6283", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27700", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/27700" }, { "name": "96603", "refsource": "OSVDB", "url": "http://www.osvdb.org/96603" }, { "name": "oval:org.mitre.oval:def:19318", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6283", "datePublished": "2013-10-25T23:00:00", "dateReserved": "2013-10-25T00:00:00", "dateUpdated": "2024-08-06T17:39:01.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8310
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
References
URL | Tags | |
---|---|---|
https://security.gentoo.org/glsa/201707-10 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/98638 | vdb-entry, x_refsource_BID | |
http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29 | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-3899 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:21.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98638", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98638" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "2.2.*" } ] } ], "datePublic": "2017-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98638", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98638" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8310", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "2.2.*" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98638" }, { "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8310", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:21.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3441
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
References
URL | Tags | |
---|---|---|
http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/67315 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html" }, { "name": "67315", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67315" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "codec\\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-14T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html" }, { "name": "67315", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67315" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "codec\\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as 
demonstrated by a png in a .wave file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html" }, { "name": "67315", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67315" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3441", "datePublished": "2014-05-14T19:00:00", "dateReserved": "2014-05-09T00:00:00", "dateUpdated": "2024-08-06T10:43:06.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14777
Vulnerability from cvelistv5
Published
2019-08-29 18:53
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
References
URL | Tags | |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:26:39.056Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14777", "datePublished": "2019-08-29T18:53:08", "dateReserved": "2019-08-08T00:00:00", "dateUpdated": "2024-08-05T00:26:39.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1868
Vulnerability from cvelistv5
Published
2013-07-10 19:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/59793 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=oss-security&m=136367945627336&w=2 | mailing-list, x_refsource_MLIST | |
http://www.videolan.org/security/sa1301.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/57079 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:35.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59793" }, { "name": "[oss-security] 20130319 Re: CVE Request: VLC Buffer overflows", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=136367945627336\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1301.html" }, { "name": "57079", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57079" }, { "name": "oval:org.mitre.oval:def:17226", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "59793", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59793" }, { "name": "[oss-security] 20130319 Re: CVE Request: VLC Buffer overflows", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=136367945627336\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1301.html" }, { "name": "57079", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57079" }, { "name": "oval:org.mitre.oval:def:17226", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1868", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59793", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59793" }, { "name": "[oss-security] 20130319 Re: CVE Request: VLC Buffer overflows", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=136367945627336\u0026w=2" }, { "name": "http://www.videolan.org/security/sa1301.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1301.html" }, { "name": "57079", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57079" }, { "name": "oval:org.mitre.oval:def:17226", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1868", "datePublished": "2013-07-10T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:35.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14498
Vulnerability from cvelistv5
Published
2019-08-29 17:35
Modified
2024-08-05 00:19
Summary
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE (floating-point exception) can be triggered via a crafted CAF file.
References
URL | Tags | |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. 
As a result, an FPE can be triggered via a crafted CAF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14498", "datePublished": "2019-08-29T17:35:50", "dateReserved": "2019-08-01T00:00:00", "dateUpdated": "2024-08-05T00:19:41.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2194
Vulnerability from cvelistv5
Published
2011-06-24 20:00
Modified
2024-08-06 22:53
Summary
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
References
URL | Tags | |
---|---|---|
http://www.debian.org/security/2011/dsa-2257 | vendor-advisory, x_refsource_DEBIAN | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/44892 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/48171 | vdb-entry, x_refsource_BID | |
http://www.videolan.org/security/sa1104.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2257", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2257" }, { "name": "oval:org.mitre.oval:def:14774", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" }, { "name": "44892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44892" }, { "name": "48171", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48171" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1104.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2257", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2257" }, { "name": "oval:org.mitre.oval:def:14774", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" }, { "name": "44892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44892" }, { "name": "48171", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48171" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1104.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2257", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2257" }, { "name": "oval:org.mitre.oval:def:14774", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" }, { "name": "44892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44892" }, { "name": "48171", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48171" }, { "name": "http://www.videolan.org/security/sa1104.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1104.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2194", "datePublished": "2011-06-24T20:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1931
Vulnerability from cvelistv5
Published
2011-07-07 21:00
Modified
2024-08-06 22:46
Summary
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
References
URL | Tags | |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/517706 | mailing-list, x_refsource_BUGTRAQ | |
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32 | x_refsource_CONFIRM | |
http://securityreason.com/securityalert/8299 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/47602 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339" }, { "name": "20110427 NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517706" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32" }, { "name": "8299", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8299" }, { "name": "47602", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47602" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-27T00:00:00", "descriptions": [ { "lang": "en", "value": "sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-22T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339" }, { "name": "20110427 NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517706" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32" }, { "name": "8299", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8299" }, { "name": "47602", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47602" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339" }, { "name": "20110427 NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517706" }, { "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32" }, { "name": "8299", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8299" }, { "name": "47602", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47602" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1931", "datePublished": "2011-07-07T21:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1087
Vulnerability from cvelistv5
Published
2011-05-03 19:00
Modified
2024-08-06 22:14
Summary
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
References
URL | Tags | |
---|---|---|
http://openwall.com/lists/oss-security/2011/03/03/9 | mailing-list, x_refsource_MLIST | |
http://openwall.com/lists/oss-security/2011/03/03/8 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/38853 | third-party-advisory, x_refsource_SECUNIA | |
http://openwall.com/lists/oss-security/2011/03/02/3 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/38569 | vdb-entry, x_refsource_BID | |
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532 | vdb-entry, signature, x_refsource_OVAL | |
http://www.osvdb.org/62728 | vdb-entry, x_refsource_OSVDB | |
http://openwall.com/lists/oss-security/2011/03/28/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110303 Re: CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/03/9" }, { "name": "[oss-security] 20110303 Re: CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/03/8" }, { "name": "38853", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38853" }, { "name": "[oss-security] 20110302 CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/02/3" }, { "name": "38569", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38569" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php" }, { "name": "oval:org.mitre.oval:def:14532", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532" }, { "name": "62728", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62728" }, { "name": "[oss-security] 20110328 Re: CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/03/28/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-05T00:00:00", "descriptions": [ { 
"lang": "en", "value": "Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110303 Re: CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/03/9" }, { "name": "[oss-security] 20110303 Re: CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/03/8" }, { "name": "38853", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38853" }, { "name": "[oss-security] 20110302 CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/02/3" }, { "name": "38569", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38569" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php" }, { "name": "oval:org.mitre.oval:def:14532", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532" }, { "name": "62728", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62728" }, { "name": "[oss-security] 20110328 Re: CVE request: VLC bookmark buffer overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/03/28/7" } ], 
"x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110303 Re: CVE request: VLC bookmark buffer overflow", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/03/9" }, { "name": "[oss-security] 20110303 Re: CVE request: VLC bookmark buffer overflow", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/03/8" }, { "name": "38853", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38853" }, { "name": "[oss-security] 20110302 CVE request: VLC bookmark buffer overflow", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/02/3" }, { "name": "38569", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38569" }, { "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php", "refsource": "MISC", "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php" }, { "name": "oval:org.mitre.oval:def:14532", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532" }, { "name": "62728", "refsource": "OSVDB", "url": "http://www.osvdb.org/62728" }, { "name": "[oss-security] 20110328 
Re: CVE request: VLC bookmark buffer overflow", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/03/28/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1087", "datePublished": "2011-05-03T19:00:00", "dateReserved": "2011-02-24T00:00:00", "dateUpdated": "2024-08-06T22:14:27.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0295
Vulnerability from cvelistv5
Published
2008-01-16 21:00
Modified
2024-08-07 07:39
Summary
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2008/0105 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/29284 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1543 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/27221 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/28383 | third-party-advisory, x_refsource_SECUNIA | |
http://aluigi.altervista.org/adv/vlcxhof-adv.txt | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/29766 | third-party-advisory, x_refsource_SECUNIA | |
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "27221", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27221" }, { "name": "28383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28383" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "name": "oval:org.mitre.oval:def:14776", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service 
(crash) or execute arbitrary code via long Session Description Protocol (SDP) data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "27221", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27221" }, { "name": "28383", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28383" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "name": "oval:org.mitre.oval:def:14776", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-0105", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "27221", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27221" }, { "name": "28383", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28383" }, { "name": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "name": "oval:org.mitre.oval:def:14776", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0295", "datePublished": "2008-01-16T21:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T07:39:34.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3245
Vulnerability from cvelistv5
Published
2013-07-10 19:00
Modified
2024-09-16 16:58
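Severity: 6.3 MEDIUM (CVSS 3.1 base score from the CISA-ADP container in the record below, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L; the CNA container carries the "disputed" tag and supplies no score of its own)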
EPSS score ?
Summary
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow.
References
| URL | Tags |
|---|---|
| http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia | x_refsource_MISC |
| http://www.securityfocus.com/bid/61032 | vdb-entry, x_refsource_BID |
| http://seclists.org/fulldisclosure/2013/Jul/71 | mailing-list, x_refsource_FULLDISC |
| http://secunia.com/advisories/52956 | third-party-advisory, x_refsource_SECUNIA |
| http://seclists.org/fulldisclosure/2013/Jul/77 | mailing-list, x_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2013/Jul/79 | mailing-list, x_refsource_FULLDISC |
| http://secunia.com/blog/372/ | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2013-3245", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T20:20:26.210080Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T19:01:45.432Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "ADP Container" }, { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:10.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia" }, { "name": "61032", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61032" }, { "name": "20130710 VLC media player MKV Parsing POC", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/71" }, { "name": "52956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52956" }, { "name": "20130710 Re: VLC media player MKV Parsing POC", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": 
"http://seclists.org/fulldisclosure/2013/Jul/77" }, { "name": "20130710 Re: VLC media player MKV Parsing POC", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/79" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/blog/372/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating \"This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. 
This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine.\" A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-07-10T19:00:00Z", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia" }, { "name": "61032", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61032" }, { "name": "20130710 VLC media player MKV Parsing POC", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/71" }, { "name": "52956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52956" }, { "name": "20130710 Re: VLC media player MKV Parsing POC", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/77" }, { "name": "20130710 Re: VLC media player MKV Parsing POC", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/79" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/blog/372/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** 
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating \"This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine.\" A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia", "refsource": "MISC", "url": "http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia" }, { "name": "61032", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61032" }, { "name": "20130710 VLC media player MKV Parsing POC", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Jul/71" }, { "name": "52956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52956" }, { "name": "20130710 Re: VLC media player MKV Parsing POC", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Jul/77" }, { "name": "20130710 Re: VLC media player MKV Parsing POC", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Jul/79" }, { "name": "http://secunia.com/blog/372/", "refsource": "MISC", "url": "http://secunia.com/blog/372/" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", 
"assignerShortName": "flexera", "cveId": "CVE-2013-3245", "datePublished": "2013-07-10T19:00:00Z", "dateReserved": "2013-04-22T00:00:00Z", "dateUpdated": "2024-09-16T16:58:28.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3623
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.
References
| URL | Tags |
|---|---|
| http://www.videolan.org/security/sa0901.html | x_refsource_CONFIRM |
| https://bugs.gentoo.org/show_bug.cgi?id=285370 | x_refsource_CONFIRM |
| http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c5b02d011b8c634d041167f4d2936b55eca4d18d | x_refsource_CONFIRM |
| http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=861e374d03e6c60c7d3c98428c632fe3b9e371b2 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/10/18/10 | mailing-list, x_refsource_MLIST |
| http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dfe7084e8cc64e9b7a87cd37065b59cba2064823 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0901.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=285370" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c5b02d011b8c634d041167f4d2936b55eca4d18d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=861e374d03e6c60c7d3c98428c632fe3b9e371b2" }, { "name": "[oss-security] 20111018 Re: CVE requests: \u003cmedia-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/10/18/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dfe7084e8cc64e9b7a87cd37065b59cba2064823" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0901.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=285370" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c5b02d011b8c634d041167f4d2936b55eca4d18d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=861e374d03e6c60c7d3c98428c632fe3b9e371b2" }, { "name": "[oss-security] 20111018 Re: CVE requests: \u003cmedia-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/10/18/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dfe7084e8cc64e9b7a87cd37065b59cba2064823" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3623", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, 
related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa0901.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0901.html" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=285370", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=285370" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c5b02d011b8c634d041167f4d2936b55eca4d18d", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c5b02d011b8c634d041167f4d2936b55eca4d18d" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2" }, { "name": "[oss-security] 20111018 Re: CVE requests: \u003cmedia-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/10/18/10" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=dfe7084e8cc64e9b7a87cd37065b59cba2064823", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=dfe7084e8cc64e9b7a87cd37065b59cba2064823" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3623", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0522
Vulnerability from cvelistv5
Published
2011-02-07 20:19
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:24.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46008", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46008" }, { "name": "vlcmediaplayer-usf-bo(65029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65029" }, { "name": "oval:org.mitre.oval:def:12414", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414" }, { "name": "8064", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8064" }, { "name": "[oss-security] 20110125 Re: CVE Request: VLC Subtitle StripTags heap corruption", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/9" }, { "name": "16108", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/16108" }, { "name": "[oss-security] 20110125 CVE Request: VLC Subtitle StripTags heap corruption", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/7" }, { "name": "[vlc-devel] 20110117 Security: Subtitle StripTags heap corruption, potentially exploitable. 
Patch included", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html" }, { "name": "ADV-2011-0225", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0225" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452" }, { "name": "[vlc-devel] 20110116 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening \"\u003c\" without a closing \"\u003e\" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46008", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46008" }, { "name": "vlcmediaplayer-usf-bo(65029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65029" }, { "name": "oval:org.mitre.oval:def:12414", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414" }, { "name": "8064", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8064" }, { "name": "[oss-security] 20110125 Re: CVE Request: VLC Subtitle StripTags heap corruption", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/9" }, { "name": "16108", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/16108" }, { "name": "[oss-security] 20110125 CVE Request: VLC Subtitle StripTags heap corruption", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/7" }, { "name": "[vlc-devel] 20110117 Security: Subtitle StripTags heap corruption, potentially exploitable. 
Patch included", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html" }, { "name": "ADV-2011-0225", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0225" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452" }, { "name": "[vlc-devel] 20110116 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-0522", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening \"\u003c\" without a closing \"\u003e\" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46008", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46008" }, { "name": "vlcmediaplayer-usf-bo(65029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65029" }, { "name": "oval:org.mitre.oval:def:12414", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414" }, { "name": "8064", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8064" }, { "name": "[oss-security] 20110125 Re: CVE Request: VLC Subtitle StripTags heap corruption", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/25/9" }, { "name": "16108", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/16108" }, { "name": "[oss-security] 20110125 CVE Request: VLC Subtitle StripTags heap corruption", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/25/7" }, { "name": "[vlc-devel] 20110117 Security: Subtitle StripTags heap corruption, potentially exploitable. Patch included", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html" }, { "name": "ADV-2011-0225", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0225" }, { "name": "http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=tag;h=bb16813ddb61a53113c71bccc525559405785452", "refsource": "CONFIRM", "url": "http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=tag;h=bb16813ddb61a53113c71bccc525559405785452" }, { "name": "[vlc-devel] 20110116 Security: Subtitle StripTags heap corruption, potentially exploitable. 
Patch included", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0522", "datePublished": "2011-02-07T20:19:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:24.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2396
Vulnerability from cvelistv5
Published
2012-04-19 21:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
References
| URL | Tags |
|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615 | vdb-entry, signature, x_refsource_OVAL |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75038 | vdb-entry, x_refsource_XF |
| http://www.exploit-db.com/exploits/18757/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:15615", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" }, { "name": "vlc-mp4-dos(75038)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" }, { "name": "18757", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18757/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-12T17:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:15615", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" }, { "name": "vlc-mp4-dos(75038)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" }, { "name": "18757", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18757/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:15615", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" }, { "name": "vlc-mp4-dos(75038)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" }, { "name": "18757", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18757/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2396", "datePublished": "2012-04-19T21:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:25.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-0017
Vulnerability from cvelistv5
Published
2007-01-03 02:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:03:36.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21852", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21852" }, { "name": "ADV-2007-0026", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0026" }, { "name": "23971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23971" }, { "name": "vlcmediaplayer-udp-format-string(31226)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31226" }, { "name": "31163", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/31163" }, { "name": "SUSE-SA:2007:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_13_xine.html" }, { "name": "1017464", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1017464" }, { "name": "23829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch" }, { "name": "23592", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23592" }, { "name": "23910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23910" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html" }, { "name": "GLSA-200701-24", "tags": [ "vendor-advisory", 
"x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200701-24.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://projects.info-pull.com/moab/MOAB-02-01-2007.html" }, { "name": "oval:org.mitre.oval:def:14313", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/sa0701.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.videolan.org/vlc/changeset/18481" }, { "name": "[vlc-devel] 20070102 Security hole in VLC media player for Mac...", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html" }, { "name": "DSA-1252", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2007/dsa-1252" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21852", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21852" }, { "name": "ADV-2007-0026", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0026" }, { "name": "23971", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23971" }, { "name": "vlcmediaplayer-udp-format-string(31226)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31226" }, { "name": "31163", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/31163" }, { "name": "SUSE-SA:2007:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_13_xine.html" }, { "name": "1017464", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1017464" }, { "name": "23829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch" }, { "name": "23592", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23592" }, { "name": "23910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23910" }, { "tags": [ "x_refsource_MISC" ], "url": "http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html" }, { "name": "GLSA-200701-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200701-24.xml" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://projects.info-pull.com/moab/MOAB-02-01-2007.html" }, { "name": "oval:org.mitre.oval:def:14313", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/sa0701.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.videolan.org/vlc/changeset/18481" }, { "name": "[vlc-devel] 20070102 Security hole in VLC media player for Mac...", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html" }, { "name": "DSA-1252", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2007/dsa-1252" }, { "tags": [ "x_refsource_MISC" ], "url": "http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0017", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21852", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21852" }, { "name": "ADV-2007-0026", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0026" }, { "name": "23971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23971" }, { "name": "vlcmediaplayer-udp-format-string(31226)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31226" }, { "name": "31163", "refsource": "OSVDB", "url": "http://osvdb.org/31163" }, { "name": "SUSE-SA:2007:013", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_13_xine.html" }, { "name": "1017464", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017464" }, { "name": "23829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23829" }, { "name": "http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch", "refsource": "CONFIRM", "url": "http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch" }, { "name": "23592", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23592" }, { "name": "23910", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23910" }, { "name": "http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html", "refsource": "MISC", "url": "http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html" }, { "name": "GLSA-200701-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-24.xml" }, { "name": "http://projects.info-pull.com/moab/MOAB-02-01-2007.html", "refsource": "MISC", "url": "http://projects.info-pull.com/moab/MOAB-02-01-2007.html" }, { "name": "oval:org.mitre.oval:def:14313", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313" }, { "name": 
"http://www.videolan.org/sa0701.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/sa0701.html" }, { "name": "http://trac.videolan.org/vlc/changeset/18481", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/changeset/18481" }, { "name": "[vlc-devel] 20070102 Security hole in VLC media player for Mac...", "refsource": "MLIST", "url": "http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html" }, { "name": "DSA-1252", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1252" }, { "name": "http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html", "refsource": "MISC", "url": "http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0017", "datePublished": "2007-01-03T02:00:00", "dateReserved": "2007-01-02T00:00:00", "dateUpdated": "2024-08-07T12:03:36.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14438
Vulnerability from cvelistv5
Published
2019-08-29 17:33
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
References
URL | Tags | |
---|---|---|
http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019 | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4504 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/36 | mailing-list, x_refsource_BUGTRAQ | |
https://www.videolan.org/security/sb-vlc308.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201909-02 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4131-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-29T11:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote 
attackers to trigger a heap-based buffer over-read via a crafted .ogg file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "name": "DSA-4504", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4504" }, { "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "name": "https://www.videolan.org/security/sb-vlc308.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "name": "GLSA-201909-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-02" }, { "name": "USN-4131-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4131-1/" }, { "name": "openSUSE-SU-2020:0545", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "name": "openSUSE-SU-2020:0562", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14438", "datePublished": "2019-08-29T17:33:21", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8313
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
References
URL | Tags | |
---|---|---|
https://security.gentoo.org/glsa/201707-10 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/98633 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3899 | vendor-advisory, x_refsource_DEBIAN | |
http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98633", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98633" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "\u003c 2.2.5" } ] } ], "datePublic": "2017-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98633", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98633" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "\u003c 2.2.5" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)." 
} ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98633", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98633" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8313", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:22.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3377
Vulnerability from cvelistv5
Published
2012-07-12 21:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/07/06/2 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id?1027224 | vdb-entry, x_refsource_SECTRACK | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/49835 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/54345 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2012/07/06/1 | mailing-list, x_refsource_MLIST | |
http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commitdiff%3Bh=16e9e126333fb7acb47d363366fee3deadc8331e | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120706 Re: CVE request: VLC / Asterisk", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/2" }, { "name": "1027224", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027224" }, { "name": "oval:org.mitre.oval:def:15299", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299" }, { "name": "49835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49835" }, { "name": "54345", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54345" }, { "name": "[oss-security] 20120706 CVE request: VLC / Asterisk", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commitdiff%3Bh=16e9e126333fb7acb47d363366fee3deadc8331e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120706 Re: CVE request: VLC / Asterisk", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/2" }, { "name": "1027224", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027224" }, { "name": "oval:org.mitre.oval:def:15299", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299" }, { "name": "49835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49835" }, { "name": "54345", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54345" }, { "name": "[oss-security] 20120706 CVE request: VLC / Asterisk", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commitdiff%3Bh=16e9e126333fb7acb47d363366fee3deadc8331e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service 
(application crash) and possibly execute arbitrary code via a crafted OGG file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20120706 Re: CVE request: VLC / Asterisk", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/2" }, { "name": "1027224", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027224" }, { "name": "oval:org.mitre.oval:def:15299", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299" }, { "name": "49835", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49835" }, { "name": "54345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54345" }, { "name": "[oss-security] 20120706 CVE request: VLC / Asterisk", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/1" }, { "name": "http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3377", "datePublished": "2012-07-12T21:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6934
Vulnerability from cvelistv5
Published
2014-01-23 21:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/65139 | vdb-entry, x_refsource_BID | |
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM | |
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "65139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "65139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "65139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65139" }, { "name": "http://www.live555.com/liveMedia/public/changelog.txt", "refsource": "CONFIRM", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", "refsource": "MISC", "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6934", "datePublished": "2014-01-23T21:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T17:53:45.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46814
Vulnerability from cvelistv5
Published
2023-11-22 00:00
Modified
2024-08-29 19:59
Severity ?
EPSS score ?
Summary
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.videolan.org/security/sb-vlc3019.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:videolan:vlc_media_player:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vlc_media_player", "vendor": "videolan", "versions": [ { "lessThan": "3.0.19", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-46814", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2023-11-22T15:15:48.707628Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T19:59:01.503Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-22T04:43:34.625769", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.videolan.org/security/sb-vlc3019.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-46814", "datePublished": "2023-11-22T00:00:00", "dateReserved": "2023-10-27T00:00:00", "dateUpdated": "2024-08-29T19:59:01.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2430
Vulnerability from cvelistv5
Published
2008-07-07 23:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:58:02.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31317" }, { "name": "3976", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3976" }, { "name": "1020429", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020429" }, { "name": "GLSA-200807-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "oval:org.mitre.oval:def:14344", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344" }, { "name": "ADV-2008-1995", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1995/references" }, { "name": "oval:org.mitre.oval:def:14769", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769" }, { "name": "20080702 Secunia Research: VLC Media Player WAV Processing Integer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493849/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2008-29/advisory/" }, { "name": "30601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30601" }, { "name": 
"30058", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30058" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "31317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31317" }, { "name": "3976", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3976" }, { "name": "1020429", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020429" }, { "name": "GLSA-200807-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "oval:org.mitre.oval:def:14344", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344" }, { "name": "ADV-2008-1995", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1995/references" }, { "name": "oval:org.mitre.oval:def:14769", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769" }, { "name": 
"20080702 Secunia Research: VLC Media Player WAV Processing Integer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493849/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2008-29/advisory/" }, { "name": "30601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30601" }, { "name": "30058", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30058" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2008-2430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31317" }, { "name": "3976", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3976" }, { "name": "1020429", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020429" }, { "name": "GLSA-200807-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "name": "http://www.videolan.org/developers/vlc/NEWS", "refsource": "CONFIRM", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "oval:org.mitre.oval:def:14344", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344" }, { "name": "ADV-2008-1995", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1995/references" }, { "name": "oval:org.mitre.oval:def:14769", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769" }, { "name": "20080702 Secunia Research: VLC Media Player WAV Processing Integer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493849/100/0/threaded" }, { "name": "http://secunia.com/secunia_research/2008-29/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-29/advisory/" }, { "name": "30601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30601" }, { "name": "30058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30058" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2008-2430", "datePublished": "2008-07-07T23:00:00", "dateReserved": "2008-05-27T00:00:00", "dateUpdated": "2024-08-07T08:58:02.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2012-0904
Vulnerability from cvelistv5
Published
2012-01-20 17:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/72085 | vdb-entry, x_refsource_XF | |
http://archives.neohapsis.com/archives/bugtraq/2012-01/0033.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.exploit-db.com/exploits/18309 | exploit, x_refsource_EXPLOIT-DB | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14327 | vdb-entry, signature, x_refsource_OVAL | |
http://www.securityfocus.com/bid/51255 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:15.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vlcmediaplayer-amr-dos(72085)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72085" }, { "name": "20120104 VLC media player v1.1.11 (.amr) Local Crash PoC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0033.html" }, { "name": "18309", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/18309" }, { "name": "oval:org.mitre.oval:def:14327", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14327" }, { "name": "51255", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vlcmediaplayer-amr-dos(72085)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72085" }, { "name": "20120104 VLC media player v1.1.11 (.amr) Local Crash PoC", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0033.html" }, { "name": "18309", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/18309" }, { "name": "oval:org.mitre.oval:def:14327", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14327" }, { "name": "51255", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51255" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vlcmediaplayer-amr-dos(72085)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72085" }, { "name": "20120104 VLC media player v1.1.11 (.amr) Local Crash PoC", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0033.html" }, { "name": "18309", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/18309" }, { "name": "oval:org.mitre.oval:def:14327", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14327" }, { "name": "51255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51255" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0904", "datePublished": "2012-01-20T17:00:00", "dateReserved": "2012-01-20T00:00:00", "dateUpdated": "2024-08-06T18:38:15.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3276
Vulnerability from cvelistv5
Published
2011-03-28 16:00
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1025250 | vdb-entry, x_refsource_SECTRACK | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14873 | vdb-entry, signature, x_refsource_OVAL | |
http://www.vupen.com/english/advisories/2011/0759 | vdb-entry, x_refsource_VUPEN | |
http://www.videolan.org/vlc/releases/1.1.8.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/43826 | third-party-advisory, x_refsource_SECUNIA | |
http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files | x_refsource_MISC | |
http://www.debian.org/security/2011/dsa-2211 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/archive/1/517150/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66260 | vdb-entry, x_refsource_XF | |
http://securityreason.com/securityalert/8162 | third-party-advisory, x_refsource_SREASON | |
http://www.osvdb.org/71278 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/47012 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1025250", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025250" }, { "name": "oval:org.mitre.oval:def:14873", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14873" }, { "name": "ADV-2011-0759", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "name": "43826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43826" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "name": "DSA-2211", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2211" }, { "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "name": "vlcmediaplayer-nsv-bo(66260)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66260" }, { "name": "8162", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8162" }, { "name": "71278", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71278" }, { "name": "47012", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": 
"http://www.securityfocus.com/bid/47012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1025250", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025250" }, { "name": "oval:org.mitre.oval:def:14873", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14873" }, { "name": "ADV-2011-0759", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "name": "43826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43826" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "name": "DSA-2211", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2211" }, { "name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "name": "vlcmediaplayer-nsv-bo(66260)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66260" }, { 
"name": "8162", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8162" }, { "name": "71278", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71278" }, { "name": "47012", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1025250", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025250" }, { "name": "oval:org.mitre.oval:def:14873", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14873" }, { "name": "ADV-2011-0759", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "name": "http://www.videolan.org/vlc/releases/1.1.8.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "name": "43826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43826" }, { "name": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files", "refsource": "MISC", "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "name": "DSA-2211", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2211" }, { 
"name": "20110323 CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "name": "vlcmediaplayer-nsv-bo(66260)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66260" }, { "name": "8162", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8162" }, { "name": "71278", "refsource": "OSVDB", "url": "http://www.osvdb.org/71278" }, { "name": "47012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3276", "datePublished": "2011-03-28T16:00:00", "dateReserved": "2010-09-09T00:00:00", "dateUpdated": "2024-08-07T03:03:18.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1684
Vulnerability from cvelistv5
Published
2014-03-03 16:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
References
URL | Tags | |
---|---|---|
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404 | x_refsource_CONFIRM | |
https://trac.videolan.org/vlc/ticket/10482 | x_refsource_CONFIRM | |
http://www.elsherei.com/?p=269 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201603-08 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:50:10.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/10482" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.elsherei.com/?p=269" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.videolan.org/vlc/ticket/10482" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.elsherei.com/?p=269" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-08" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404", "refsource": "CONFIRM", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404" }, { "name": "https://trac.videolan.org/vlc/ticket/10482", "refsource": "CONFIRM", "url": "https://trac.videolan.org/vlc/ticket/10482" }, { "name": "http://www.elsherei.com/?p=269", "refsource": "MISC", "url": "http://www.elsherei.com/?p=269" }, { "name": "GLSA-201603-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-08" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1684", "datePublished": "2014-03-03T16:00:00", "dateReserved": "2014-01-28T00:00:00", "dateUpdated": "2024-08-06T09:50:10.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47360
Vulnerability from cvelistv5
Published
2023-11-07 00:00
Modified
2024-08-02 21:09
Severity ?
EPSS score ?
Summary
VideoLAN VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:36.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "name": "[debian-lts-announce] 20231130 [SECURITY] [DLA 3679-1] vlc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-01T01:06:18.916046", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "name": "[debian-lts-announce] 20231130 [SECURITY] [DLA 3679-1] vlc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47360", "datePublished": "2023-11-07T00:00:00", "dateReserved": "2023-11-06T00:00:00", "dateUpdated": "2024-08-02T21:09:36.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0296
Vulnerability from cvelistv5
Published
2008-01-16 21:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2008/0105 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/29284 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1543 | vendor-advisory, x_refsource_DEBIAN | |
http://aluigi.altervista.org/adv/vlcxhof-adv.txt | x_refsource_MISC | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597 | vdb-entry, signature, x_refsource_OVAL | |
http://secunia.com/advisories/29766 | third-party-advisory, x_refsource_SECUNIA | |
http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:34.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2008-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "name": "oval:org.mitre.oval:def:14597", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2008-0105", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "name": "oval:org.mitre.oval:def:14597", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2008-0105", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "name": "oval:org.mitre.oval:def:14597", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0296", "datePublished": "2008-01-16T21:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T07:39:34.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1684
Vulnerability from cvelistv5
Published
2011-05-03 20:00
Modified
2024-08-06 22:37
Summary
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:14741", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" }, { "name": "ADV-2011-0954", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0954" }, { "name": "43890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43890" }, { "name": "[oss-security] 20110412 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/11/17" }, { "name": "44022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44022" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821" }, { "name": "ADV-2011-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0916" }, { "name": "DSA-2218", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2218" }, { "name": "[oss-security] 20110413 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/13/17" }, { "name": "vlcmediaplayer-mp4readboxskcr-bo(66664)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" }, { "name": "47293", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47293" }, { 
"name": "1025373", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025373" }, { "name": "[oss-security] 20110413 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/13/14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1103.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "oval:org.mitre.oval:def:14741", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" }, { "name": "ADV-2011-0954", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0954" }, { "name": "43890", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43890" }, { "name": "[oss-security] 20110412 CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/11/17" }, { "name": "44022", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44022" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821" }, { "name": "ADV-2011-0916", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0916" }, { "name": "DSA-2218", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2218" }, { "name": "[oss-security] 20110413 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/13/17" }, { "name": "vlcmediaplayer-mp4readboxskcr-bo(66664)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" }, { "name": "47293", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47293" }, { "name": "1025373", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025373" }, { "name": "[oss-security] 20110413 Re: CVE id request: vlc", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/13/14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1103.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:14741", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" }, { "name": "ADV-2011-0954", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0954" }, { "name": "43890", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43890" }, { "name": "[oss-security] 20110412 CVE id request: vlc", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/11/17" }, { "name": "44022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44022" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=5637ca8141bf39f263ecdb62035d2cb45c740821" }, { "name": "ADV-2011-0916", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0916" }, { "name": "DSA-2218", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2218" }, { "name": "[oss-security] 20110413 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/13/17" }, { "name": "vlcmediaplayer-mp4readboxskcr-bo(66664)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" }, { "name": "47293", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47293" }, { "name": "1025373", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025373" }, { "name": "[oss-security] 20110413 Re: CVE id request: vlc", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/04/13/14" }, { "name": "http://www.videolan.org/security/sa1103.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1103.html" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1684", "datePublished": "2011-05-03T20:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:25.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9626
Vulnerability from cvelistv5
Published
2020-01-24 21:57
Modified
2024-08-06 13:47
Summary
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
References
URL | Tags | |
---|---|---|
http://openwall.com/lists/oss-security/2015/01/20/5 | x_refsource_MISC | |
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | x_refsource_MISC | |
https://www.videolan.org/security/sa1501.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.741Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-24T21:57:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9626", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2015/01/20/5", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", "refsource": "MISC", "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "name": "https://www.videolan.org/security/sa1501.html", "refsource": "CONFIRM", "url": "https://www.videolan.org/security/sa1501.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9626", "datePublished": "2020-01-24T21:57:25", "dateReserved": "2015-01-20T00:00:00", "dateUpdated": "2024-08-06T13:47:41.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5949
Vulnerability from cvelistv5
Published
2015-08-25 17:00
Modified
2024-08-06 07:06
Summary
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
References
URL | Tags | |
---|---|---|
https://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%3Bhp=9e12195d3e4316278af1fa4bcb6a705ff27456fd | x_refsource_CONFIRM | |
http://www.debian.org/security/2015/dsa-3342 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201603-08 | vendor-advisory, x_refsource_GENTOO | |
http://www.openwall.com/lists/oss-security/2015/08/20/8 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/archive/1/536287/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://www.ocert.org/advisories/ocert-2015-009.html | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://www.openwall.com/lists/oss-security/2015/08/20/3 | mailing-list, x_refsource_MLIST | |
http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:06:35.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%3Bhp=9e12195d3e4316278af1fa4bcb6a705ff27456fd" }, { "name": "DSA-3342", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3342" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "[oss-security] 20150820 Re: [oCERT-2015-009] VLC arbitrary pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/20/8" }, { "name": "20150820 [oCERT-2015-009] VLC arbitrary pointer dereference", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536287/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ocert.org/advisories/ocert-2015-009.html" }, { "name": "openSUSE-SU-2016:0476", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html" }, { "name": "[oss-security] 20150820 [oCERT-2015-009] VLC arbitrary pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/20/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2015-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%3Bhp=9e12195d3e4316278af1fa4bcb6a705ff27456fd" }, { "name": "DSA-3342", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3342" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "[oss-security] 20150820 Re: [oCERT-2015-009] VLC arbitrary pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/20/8" }, { "name": "20150820 [oCERT-2015-009] VLC arbitrary pointer dereference", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536287/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.ocert.org/advisories/ocert-2015-009.html" }, { "name": "openSUSE-SU-2016:0476", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html" }, { "name": "[oss-security] 20150820 [oCERT-2015-009] VLC arbitrary pointer dereference", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/20/3" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd", "refsource": "CONFIRM", "url": "https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd" }, { "name": "DSA-3342", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3342" }, { "name": "GLSA-201603-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "[oss-security] 20150820 Re: [oCERT-2015-009] VLC arbitrary pointer dereference", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/20/8" }, { "name": "20150820 [oCERT-2015-009] VLC arbitrary pointer dereference", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536287/100/0/threaded" }, { "name": "https://www.ocert.org/advisories/ocert-2015-009.html", "refsource": "MISC", "url": "https://www.ocert.org/advisories/ocert-2015-009.html" }, { "name": "openSUSE-SU-2016:0476", "refsource": "SUSE", 
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html" }, { "name": "[oss-security] 20150820 [oCERT-2015-009] VLC arbitrary pointer dereference", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/20/3" }, { "name": "http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5949", "datePublished": "2015-08-25T17:00:00", "dateReserved": "2015-08-06T00:00:00", "dateUpdated": "2024-08-06T07:06:35.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0364
Vulnerability from cvelistv5
Published
2010-01-21 20:00
Modified
2024-08-07 00:45
Summary
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/55717 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/37832 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342 | vdb-entry, signature, x_refsource_OVAL | |
http://www.exploit-db.com/exploits/11174 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:12.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vlcmediaplayer-asas-bo(55717)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" }, { "name": "37832", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37832" }, { "name": "oval:org.mitre.oval:def:14342", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" }, { "name": "11174", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11174" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vlcmediaplayer-asas-bo(55717)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" }, { "name": "37832", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37832" }, { "name": "oval:org.mitre.oval:def:14342", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" }, { "name": "11174", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11174" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0364", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vlcmediaplayer-asas-bo(55717)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" }, { "name": "37832", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37832" }, { "name": "oval:org.mitre.oval:def:14342", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" }, { "name": "11174", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11174" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0364", "datePublished": "2010-01-21T20:00:00", "dateReserved": "2010-01-21T00:00:00", "dateUpdated": "2024-08-07T00:45:12.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-11529
Vulnerability from cvelistv5
Published
2018-07-11 16:00
Modified
2024-08-05 08:10
Summary
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1041311 | vdb-entry, x_refsource_SECTRACK | |
http://seclists.org/fulldisclosure/2018/Jul/28 | mailing-list, x_refsource_FULLDISC | |
https://www.exploit-db.com/exploits/45626/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.debian.org/security/2018/dsa-4251 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:10:14.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041311", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041311" }, { "name": "20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/28" }, { "name": "45626", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45626/" }, { "name": "DSA-4251", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4251" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1041311", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041311" }, { "name": "20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/28" }, { "name": "45626", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45626/" }, { "name": "DSA-4251", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4251" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11529", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1041311", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041311" }, { "name": "20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/28" }, { "name": "45626", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45626/" }, { "name": "DSA-4251", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4251" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11529", "datePublished": "2018-07-11T16:00:00", "dateReserved": "2018-05-29T00:00:00", "dateUpdated": "2024-08-05T08:10:14.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5276
Vulnerability from cvelistv5
Published
2008-12-03 17:00
Modified
2024-08-07 10:49
Summary
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:11.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.trapkit.de/advisories/TKADV2008-013.txt" }, { "name": "20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498768/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:14793", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793" }, { "name": "50333", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/50333" }, { "name": "ADV-2008-3287", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07" }, { "name": "32942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32942" }, { "name": "32545", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32545" }, { "name": "4680", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4680" }, { "name": "33315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33315" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0811.html" }, { "name": "GLSA-200812-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": 
"http://security.gentoo.org/glsa/glsa-200812-24.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.trapkit.de/advisories/TKADV2008-013.txt" }, { "name": "20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498768/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:14793", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793" }, { "name": "50333", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/50333" }, { "name": "ADV-2008-3287", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07" }, { "name": "32942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32942" }, { "name": "32545", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32545" }, { "name": "4680", 
"tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4680" }, { "name": "33315", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33315" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0811.html" }, { "name": "GLSA-200812-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.trapkit.de/advisories/TKADV2008-013.txt", "refsource": "MISC", "url": "http://www.trapkit.de/advisories/TKADV2008-013.txt" }, { "name": "20081130 [TKADV2008-013] VLC media player RealMedia Processing Integer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498768/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:14793", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793" }, { "name": "50333", "refsource": "OSVDB", "url": "http://www.osvdb.org/50333" }, { "name": "ADV-2008-3287", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3287" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d19de4e9f2211cbe5bde00726b66c47a424f4e07" }, { "name": "32942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32942" }, { "name": "32545", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32545" }, { "name": "4680", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4680" }, { "name": "33315", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33315" }, { "name": "http://www.videolan.org/security/sa0811.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0811.html" }, { "name": "GLSA-200812-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5276", "datePublished": "2008-12-03T17:00:00", "dateReserved": "2008-11-28T00:00:00", "dateUpdated": "2024-08-07T10:49:11.896Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1443
Vulnerability from cvelistv5
Published
2014-12-26 20:00
Modified
2024-08-07 01:21
Summary
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
References
URL | Tags | |
---|---|---|
http://www.videolan.org/security/sa1003.html | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2010/04/28/4 | mailing-list, x_refsource_MLIST | |
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:21:19.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-19T00:00:00", "descriptions": [ { "lang": "en", "value": "The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-26T19:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-1443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa1003.html", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa1003.html" }, { "name": "[oss-security] 20100428 Re: CVE request: VLC \u003c1.0.6 Multiple issues", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "name": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=8902488ba529c0cf4c903a8a84ff20b5737cc753", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=8902488ba529c0cf4c903a8a84ff20b5737cc753" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1443", "datePublished": "2014-12-26T20:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-5459
Vulnerability from cvelistv5
Published
2019-07-30 20:24
Modified
2024-08-04 19:54
Summary
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-bounds read.
References
URL | Tags | |
---|---|---|
https://hackerone.com/reports/502816 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:54:53.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/502816" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 3.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "Integer Underflow (CWE-191)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T20:06:12", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/502816" }, { "name": "openSUSE-SU-2019:1840", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "Fixed in 3.0.7" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Integer Underflow (CWE-191)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/502816", "refsource": "MISC", "url": "https://hackerone.com/reports/502816" }, { "name": "openSUSE-SU-2019:1840", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "name": "openSUSE-SU-2019:1909", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "name": "openSUSE-SU-2019:1897", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "name": "openSUSE-SU-2019:2015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5459", "datePublished": "2019-07-30T20:24:06", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:54:53.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-0256
Vulnerability from cvelistv5
Published
2007-01-16 23:00
Modified
2024-08-07 12:12
Summary
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/22003 | vdb-entry, x_refsource_BID | |
http://osvdb.org/39022 | vdb-entry, x_refsource_OSVDB | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698 | vdb-entry, signature, x_refsource_OVAL | |
http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py | x_refsource_MISC | |
http://wiki.videolan.org/Changelog/0.8.6b | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/31515 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:12:17.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22003", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22003" }, { "name": "39022", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/39022" }, { "name": "oval:org.mitre.oval:def:14698", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6b" }, { "name": "vlcmediaplayer-wmv-dos(31515)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22003", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22003" }, { "name": "39022", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/39022" }, { "name": "oval:org.mitre.oval:def:14698", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" }, { "tags": [ "x_refsource_MISC" ], "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6b" }, { "name": "vlcmediaplayer-wmv-dos(31515)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0256", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22003", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22003" }, { "name": "39022", "refsource": "OSVDB", "url": "http://osvdb.org/39022" }, { "name": "oval:org.mitre.oval:def:14698", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" }, { "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py", "refsource": "MISC", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6b", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6b" }, { "name": "vlcmediaplayer-wmv-dos(31515)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0256", "datePublished": "2007-01-16T23:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T12:12:17.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2013-3245)
Published
2013-07-10 19:55
Modified
2024-11-21 01:53
Summary
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0716C113-BD32-4459-BA81-10E89128FE91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating \"This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine.\" A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow" }, { "lang": "es", "value": "**EN DISPUTA** plugins/demux/libmkv_plugin.dll en VideoLAN VLC Media Player v2.0.7, y posiblemente otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo MKV especialmente dise\u00f1ado, posiblemente provocando un desbordamiento de entero y fuera de los l\u00edmites de lectura o desbordamiento de b\u00fafer basado en memoria din\u00e1mica, o una excepci\u00f3n no capturada. NOTA: el vendedor se afirm\u00f3 que, \"este PoC bloquea VLC, en efecto, pero no hace nada m\u00e1s ... 
esto no es un error de desbordamiento de entero, sino una excepci\u00f3n no capturada y dudo que sea explotable. Esta excepci\u00f3n no capturada hace que VLC se interrumpa, pero no ejecuta c\u00f3digo arbitrario, en mi m\u00e1quina Linux 64bits \". Un prueba de concepto publicado por el investigador original muestra signos de una lectura fuera de los l\u00edmites controlada, aunque la instrucci\u00f3n afectada no implica un registro que influya directamente en el flujo de control." } ], "id": "CVE-2013-3245", "lastModified": "2024-11-21T01:53:15.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2013-07-10T19:55:04.797", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/71" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://seclists.org/fulldisclosure/2013/Jul/77" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": 
"http://seclists.org/fulldisclosure/2013/Jul/79" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52956" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/blog/372/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/61032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2013/Jul/71" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2013/Jul/77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2013/Jul/79" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/blog/372/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61032" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-122" }, { "lang": "en", "value": "CWE-125" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd (CVE-2011-2587)
Published
2011-07-27 02:55
Modified
2024-11-21 01:28
Summary
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 1.1.0 | |
videolan | vlc_media_player | 1.1.1 | |
videolan | vlc_media_player | 1.1.2 | |
videolan | vlc_media_player | 1.1.3 | |
videolan | vlc_media_player | 1.1.4 | |
videolan | vlc_media_player | 1.1.4.1 | |
videolan | vlc_media_player | 1.1.5 | |
videolan | vlc_media_player | 1.1.6 | |
videolan | vlc_media_player | 1.1.6.1 | |
videolan | vlc_media_player | 1.1.7 | |
videolan | vlc_media_player | 1.1.8 | |
videolan | vlc_media_player | 1.1.9 | |
videolan | vlc_media_player | 1.1.10 | |
videolan | vlc_media_player | 1.1.10.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file." }, { "lang": "es", "value": "Desbordamiento de buffer de memoria din\u00e1mica en la funci\u00f3n DemuxAudioSipr de real.c de RealMedia demuxer del reproductor multimedia VideoLAN VLC 1.1.x anteriores a 1.1.11 permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo Real Media modificado." } ], "id": "CVE-2011-2587", "lastModified": "2024-11-21T01:28:32.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-27T02:55:02.227", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=1bce40644cddee93b4b1877a94a6ce345f32852c" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45066" }, { "source": 
"PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/48664" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1105.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68531" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=1bce40644cddee93b4b1877a94a6ce345f32852c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1105.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14851" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2013-1954)
Published
2013-07-10 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
videolan | vlc_media_player | 2.0.0 | |
videolan | vlc_media_player | 2.0.1 | |
videolan | vlc_media_player | 2.0.2 | |
videolan | vlc_media_player | 2.0.3 | |
videolan | vlc_media_player | 2.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C07CB4E-6D28-47EE-A9D8-A220B5F8D678", "versionEndIncluding": "2.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read." }, { "lang": "es", "value": "El ASF Demuxer (modules/demux/asf/asf.c) en VideoLAN VLC media player v2.0.5 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero ASF especialmente dise\u00f1ado que genera una lectura fuera de los l\u00edmites." 
} ], "id": "CVE-2013-1954", "lastModified": "2024-11-21T01:50:44.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-07-10T19:55:04.650", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=136593191416152\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=136610343501731\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59793" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://trac.videolan.org/vlc/ticket/8024" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/89598" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57333" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1302.html" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=b31ce523331aa3a6e620b68cdfe3f161d519631e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=136593191416152\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=136610343501731\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://trac.videolan.org/vlc/ticket/8024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/89598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1302.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1087)
Published
2011-05-03 19:55
Modified
2024-11-21 01:25
Severity ?
Summary
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 1.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en VideoLAN VLC media player v1.0.5 permite provocar, a atacantes remotos asistidos por un usuario local, una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria y bloqueo de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo mp3 debidamente modificado que se reproduce durante la creaci\u00f3n de un marcador.\r\n" } ], "id": "CVE-2011-1087", "lastModified": "2024-11-21T01:25:29.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-05-03T19:55:03.653", "references": [ { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/02/3" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/03/8" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/03/9" 
}, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/03/28/7" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38853" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/62728" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38569" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/02/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/03/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/03/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/03/28/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/62728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14532" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-3941)
Published
2016-04-18 15:59
Modified
2024-11-21 02:50
Severity ?
Summary
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
canonical | ubuntu_linux | 14.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "264503F7-BC8A-44D9-9BFF-A6C72FAAF091", "versionEndIncluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to \"seek across EOF.\"" }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n AStreamPeekStream en input/stream.c en VideoLAN VLC media player en versiones anteriores a 2.2.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo wav manipulado, relacionado con \"buscar a trav\u00e9s de EOF\"." 
} ], "id": "CVE-2016-3941", "lastModified": "2024-11-21T02:50:59.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-18T15:59:01.190", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035456" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-9627)
Published
2020-01-24 22:15
Modified
2024-11-21 02:21
Severity ?
Summary
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sa1501.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sa1501.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9B8F06-93FB-4A2B-B550-A30BD8F1C5D6", "versionEndExcluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size." }, { "lang": "es", "value": "La funci\u00f3n MP4_ReadBox_String en el archivo modules/demux/mp4/libmp4.c en el reproductor multimedia VLC de VideoLAN versiones anteriores a 2.1.6, realiza una operaci\u00f3n de conversi\u00f3n incorrecta de un entero de 64 bits a un entero de 32 bits, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un tama\u00f1o de caja grande." 
} ], "id": "CVE-2014-9627", "lastModified": "2024-11-21T02:21:16.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.440", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-704" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-1045)
Published
2009-03-23 16:30
Modified
2024-11-21 01:01
Severity ?
Summary
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9.8a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action." }, { "lang": "es", "value": "El archivo requests/status.xml en VLC versi\u00f3n 0.9.8a, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de pila y bloqueo) por medio de un argumento de entrada largo en una acci\u00f3n in_play." } ], "id": "CVE-2009-1045", "lastModified": "2024-11-21T01:01:31.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-23T16:30:01.547", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=262708" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/03/17/4" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34126" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357" }, { "source": "cve@mitre.org", "url": 
"https://www.exploit-db.com/exploits/8213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=262708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/03/17/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/34126" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8213" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-4686)
Published
2008-10-22 18:00
Modified
2024-11-21 00:52
Severity ?
Summary
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9.0 | |
videolan | vlc_media_player | 0.9.1 | |
videolan | vlc_media_player | 0.9.2 | |
videolan | vlc_media_player | 0.9.3 | |
videolan | vlc_media_player | 0.9.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en el archivo ty.c en el plugin TY demux (tambi\u00e9n se conoce como TiVo demuxer) en reproductor multimedia VideoLAN VLC, probablemente versi\u00f3n 0.9.4, podr\u00eda permitir a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo .ty dise\u00f1ado, una vulnerabilidad diferente de CVE-2008-4654." 
} ], "id": "CVE-2008-4686", "lastModified": "2024-11-21T00:52:17.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-10-22T18:00:01.177", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/22/6" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31867" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d859e6b9537af2d7326276f70de25a840f554dc3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/22/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31867" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2007-3467)
Published
2007-06-27 22:30
Modified
2024-11-21 00:33
Severity ?
Summary
Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F8F90CE-B1A4-4409-8FF3-65AB5B9A5A82", "versionEndIncluding": "0.8.6b", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n the __status_Update en stats.c de VideoLAN VLC Media Player anterior a 0.8.6c permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un fichero WAV con una tasa de muestreo grande." } ], "id": "CVE-2007-3467", "lastModified": "2024-11-21T00:33:18.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-27T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/42189" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25980" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "source": 
"cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14863" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-2937)
Published
2010-08-20 18:00
Modified
2024-11-21 01:17
Severity ?
Summary
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9.0 | |
videolan | vlc_media_player | 0.9.1 | |
videolan | vlc_media_player | 0.9.2 | |
videolan | vlc_media_player | 0.9.3 | |
videolan | vlc_media_player | 0.9.4 | |
videolan | vlc_media_player | 0.9.5 | |
videolan | vlc_media_player | 0.9.6 | |
videolan | vlc_media_player | 0.9.7 | |
videolan | vlc_media_player | 0.9.8a | |
videolan | vlc_media_player | 0.9.9 | |
videolan | vlc_media_player | 0.9.9a | |
videolan | vlc_media_player | 0.9.10 | |
videolan | vlc_media_player | 1.0.0 | |
videolan | vlc_media_player | 1.0.1 | |
videolan | vlc_media_player | 1.0.2 | |
videolan | vlc_media_player | 1.0.3 | |
videolan | vlc_media_player | 1.0.4 | |
videolan | vlc_media_player | 1.0.5 | |
videolan | vlc_media_player | 1.0.6 | |
videolan | vlc_media_player | 1.1.0 | |
videolan | vlc_media_player | 1.1.1 | |
videolan | vlc_media_player | 1.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "117878B7-E04F-400E-8E63-FFC5420978A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file." 
}, { "lang": "es", "value": "La funci\u00f3n ReadMetaFromId3v2 en taglib.cpp en el plugin TagLib en VideoLAN VLC media player v0.9.0 hasta v1.1.2 no procesa adecuadamente las etiquetas ID3v2, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo media manipulado." } ], "id": "CVE-2010-2937", "lastModified": "2024-11-21T01:17:41.597", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-08-20T18:00:02.437", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a" }, { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/42386" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1004.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/2087" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-1.0.git%3Ba=commit%3Bh=22a22e356c9d93993086810b2e25b59b55925b3a" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=24918843e57c7962e28fcb01845adce82bed6516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/42386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14676" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-08 15:00
Modified
2024-11-21 02:53
Severity ?
Summary
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 8.0 | |
videolan | vlc_media_player | * (up to and including 2.2.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E227D41-42AB-4D3D-BA7E-B833A5C8F9DC", "versionEndIncluding": "2.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n DecodeAdpcmImaQT en modules/codec/adpcm.c en VideoLAN VLC media player en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo QuickTime IMA manipulado." 
} ], "id": "CVE-2016-5108", "lastModified": "2024-11-21T02:53:38.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-08T15:00:04.113", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3598" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/90924" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036009" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1601.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-39" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2016/dsa-3598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/90924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1601.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-39" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-21 18:30
Modified
2024-11-21 00:32
Severity ?
Summary
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.8.6a | |
videolan | vlc_media_player | 0.8.6b |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de formato de cadena en las extensiones del VideoLAN VLC Media Player anterior al 0.8.6c permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de especificadores de formato de cadena en el fichero (1) Ogg/Vorbis, (2) Ogg/Theora (3) la entrada CDDB para un fichero CD Digital Audio (CDDA) o (4) paquetes de env\u00edo m\u00faltiple (multicast) Service Announce Protocol (SAP)." 
} ], "id": "CVE-2007-3316", "lastModified": "2024-11-21T00:32:56.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-06-21T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37379" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37380" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37381" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37382" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25753" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26269" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200707-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "source": "cve@mitre.org", "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/200928" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24555" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.videolan.org/sa0702.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2262" 
}, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200707-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/200928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.videolan.org/sa0702.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 18:15
Modified
2024-11-21 04:26
Severity ?
Summary
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file." }, { "lang": "es", "value": "Una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n xiph_PackHeaders() en el archivo modules/demux/xiph.h en VideoLAN VLC media player versi\u00f3n 3.0.7.1, permite a atacantes remotos activar una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un archivo .ogg dise\u00f1ado." 
} ], "id": "CVE-2019-14438", "lastModified": "2024-11-21T04:26:44.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T18:15:12.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 19:15
Modified
2024-11-21 04:26
Severity ?
Summary
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free." }, { "lang": "es", "value": "La funci\u00f3n Control del archivo demux/asf/asf.c en VideoLAN VLC media player versi\u00f3n 3.0.7.1, presenta un uso de la memoria previamente liberada." } ], "id": "CVE-2019-14533", "lastModified": "2024-11-21T04:26:55.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, 
"exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T19:15:13.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-25 23:55
Modified
2024-11-21 01:58
Severity ?
Summary
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in an m3u file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F5BF374-BB8D-4940-BEBD-39BCBB87ABA3", "versionEndIncluding": "2.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AA85720-8DE1-49C8-8A23-1739FBF42B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1161807-F82D-4B4B-BF1A-27FEBD7F8715", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E695AC57-C61E-4EE7-A5F1-94B086C03130", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3FB8545D-A954-4366-B807-6521356AAC18", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0716C113-BD32-4459-BA81-10E89128FE91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file." }, { "lang": "es", "value": "VideoLAN VLC Media Player 2.0.8 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena larga con la URL de un archivo m3u." 
} ], "id": "CVE-2013-6283", "lastModified": "2024-11-21T01:58:57.097", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-25T23:55:04.503", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/27700" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/96603" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/27700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/96603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19318" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-07 16:15
Modified
2024-11-21 08:30
Severity ?
Summary
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (before 3.0.20) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB882C-531D-4002-9CAB-98A0C6EDC382", "versionEndExcluding": "3.0.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length." }, { "lang": "es", "value": "Videolan VLC anterior a la versi\u00f3n 3.0.20 contiene un desbordamiento insuficiente de enteros que conduce a una longitud de paquete incorrecta." } ], "id": "CVE-2023-47360", "lastModified": "2024-11-21T08:30:11.827", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-07T16:15:29.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-29 19:29
Modified
2024-11-21 03:35
Severity ?
Summary
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/98747 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.debian.org/security/2017/dsa-4045 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98747 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-4045 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 2.2.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "60281829-AD27-4A95-B1A4-3D6008627406", "versionEndIncluding": "2.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file." }, { "lang": "es", "value": "Plugins/codec/libflac_plugin.dll en VideoLAN VLC media player 2.2.4 permitir\u00eda un atacante remoto causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica -heap- y fallo de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de un archivo FLAC especialmente dise\u00f1ado." } ], "id": "CVE-2017-9300", "lastModified": "2024-11-21T03:35:47.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, 
"impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-29T19:29:00.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98747" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2017/dsa-4045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2017/dsa-4045" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-14 21:15
Modified
2024-11-21 04:25
Severity ?
Summary
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 3.0.7.1) | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
opensuse | backports_sle | 15.0 | |
opensuse | backports_sle | 15.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B6831CB-FA3F-4B29-BBEB-901A7ED3A41C", "versionEndIncluding": "3.0.7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a 
crafted .mp4 file." }, { "lang": "es", "value": "Un desbordamiento inferior de enteros en MP4_EIA608_Convert() en modules/demux/mp4/mp4.c en VideoLAN VLC media player hasta la versi\u00f3n 3.0.7.1 permitir\u00eda un atacante remoto causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica y ca\u00edda) o posiblemente tener otro impacto no especificado mediante un archivo .mp4 especialmente dise\u00f1ado." } ], "id": "CVE-2019-13602", "lastModified": "2024-11-21T04:25:19.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-14T21:15:11.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": 
"cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109158" }, { "source": "cve@mitre.org", "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491" }, { "source": "cve@mitre.org", "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party 
Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4074-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 2.0.7) | |
videolan | vlc_media_player | 2.0.0 | |
videolan | vlc_media_player | 2.0.1 | |
videolan | vlc_media_player | 2.0.2 | |
videolan | vlc_media_player | 2.0.3 | |
videolan | vlc_media_player | 2.0.4 | |
videolan | vlc_media_player | 2.0.5 | |
videolan | vlc_media_player | 2.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "53C10490-69EB-4117-B7E6-17A6032250AB", "versionEndIncluding": "2.0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E695AC57-C61E-4EE7-A5F1-94B086C03130", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3FB8545D-A954-4366-B807-6521356AAC18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "Desbordamiento de buffer en el empaquetador mp4a (modules/packetizer/mpeg4audio.c) en VideoLAN VLC Media Player anterior a la versi\u00f3n 2.0.8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (cuelgue) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2013-4388", "lastModified": "2024-11-21T01:55:28.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-11T22:55:40.363", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59793" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/62724" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1029120" }, { "source": "secalert@redhat.com", "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=9794ec1cd268c04c8bca13a5fae15df6594dff3e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/10/01/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1029120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18086" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-23 21:29
Modified
2024-11-21 03:33
Severity ?
Summary
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 2.2.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "60281829-AD27-4A95-B1A4-3D6008627406", "versionEndIncluding": "2.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file." }, { "lang": "es", "value": "Potencial desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en ParseJSS en VLC anterior a versi\u00f3n 2.2.5 de VideoLAN, debido a una omisi\u00f3n del terminador NULL en una cadena de entrada permite a los atacantes ejecutar c\u00f3digo arbitrario por medio de un archivo de subt\u00edtulos especialmente dise\u00f1ado." } ], "id": "CVE-2017-8311", "lastModified": "2024-11-21T03:33:45.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-23T21:29:00.227", "references": [ { "source": "cve@checkpoint.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6" }, { "source": "cve@checkpoint.com", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "cve@checkpoint.com", "url": "http://www.securityfocus.com/bid/98634" }, { "source": "cve@checkpoint.com", "url": "https://security.gentoo.org/glsa/201707-10" }, { "source": "cve@checkpoint.com", "url": "https://www.exploit-db.com/exploits/44514/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44514/" } ], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-16 17:15
Modified
2024-11-21 04:25
Severity ?
Summary
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (before 3.0.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "648F4064-187A-4895-A959-EC37ADFB0DC7", "versionEndExcluding": "3.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement." }, { "lang": "es", "value": "libebml en versiones anteriores a la 1.3.6, tal como se usa en el m\u00f3dulo MKV en los binarios de VideoLAN VLC Media Player en versiones anteriores a la 3.0.3, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en EbmlElement :: FindNextElement." } ], "id": "CVE-2019-13615", "lastModified": "2024-11-21T04:25:21.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-16T17:15:12.580", "references": [ 
{ "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109304" }, { "source": "cve@mitre.org", "url": "https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0" }, { "source": "cve@mitre.org", "url": "https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6" }, { "source": "cve@mitre.org", "url": "https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://trac.videolan.org/vlc/ticket/22474" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4073-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Matroska-Org/libebml/compare/release-1.3.5...release-1.3.6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://trac.videolan.org/vlc/ticket/22474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4073-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-13 16:29
Modified
2024-11-21 04:44
Severity ?
Summary
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (before 3.0.7) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "288A8608-A671-415D-9BEC-C85098C8C51B", "versionEndExcluding": "3.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit." }, { "lang": "es", "value": "Una desbordamiento en el buffer en VLC Media Player Player \u003c 3.0.7 causa un bloqueo el cual, puede ser posiblemente m\u00e1s desarrollado hacia una explotaci\u00f3n en la ejecuci\u00f3n del c\u00f3digo remoto" } ], "id": "CVE-2019-5439", "lastModified": "2024-11-21T04:44:56.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-13T16:29:01.733", "references": [ { "source": "support@hackerone.com", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "support@hackerone.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "support@hackerone.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "support@hackerone.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "support@hackerone.com", "url": "http://www.securityfocus.com/bid/108769" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://hackerone.com/reports/484398" }, { "source": "support@hackerone.com", "url": "https://security.gentoo.org/glsa/201908-23" }, { "source": "support@hackerone.com", "url": "https://usn.ubuntu.com/4074-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://hackerone.com/reports/484398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4074-1/" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": 
"support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:21
Severity ?
Summary
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sa1501.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sa1501.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9B8F06-93FB-4A2B-B550-A30BD8F1C5D6", "versionEndExcluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value." }, { "lang": "es", "value": "La funci\u00f3n rtp_packetize_xiph_config en el archivo modules/stream_out/rtpfmt.c en el reproductor multimedia VLC de VideoLAN versiones anteriores a 2.1.6, utiliza un enfoque de asignaci\u00f3n de pila con un tama\u00f1o determinado por datos de entrada arbitrarios, que permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) posiblemente tenga otro impacto no especificado por medio de un valor de longitud dise\u00f1ado." 
} ], "id": "CVE-2014-9630", "lastModified": "2024-11-21T02:21:17.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-30 13:29
Modified
2024-11-21 03:06
Severity ?
Summary
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.2.0 | |
videolan | vlc_media_player | 2.2.1 | |
videolan | vlc_media_player | 2.2.2 | |
videolan | vlc_media_player | 2.2.3 | |
videolan | vlc_media_player | 2.2.4 | |
videolan | vlc_media_player | 2.2.5 | |
videolan | vlc_media_player | 2.2.5.1 | |
videolan | vlc_media_player | 2.2.6 | |
videolan | vlc_media_player | 2.2.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECBAF91B-1BC9-4029-ADFC-506FAA3F6C93", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D0E28DE-2CAC-42CD-A8DF-2659AA135772", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4F39D96-FC35-4063-BB22-2A4CA6C788D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EF54451-B67D-4003-991F-8D306C5ED782", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38860D21-A9DB-49CD-A8CD-3323F98D111F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F4EC0BA2-715C-4DAD-974D-EFBD3BA51944", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "86CAC2D1-DD94-4ED2-B8B1-DCE63422852B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "42B8A2D0-D22A-4196-9013-D3F60CD27C24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "BA1B9AAA-11B1-4215-95B9-92236B81AC99", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution." 
}, { "lang": "es", "value": "avcodec 2.2.x, tal y como se emplea en el reproductor multimedia VideoLAN VLC en versiones 2.2.7-x anteriores a la 2017-06-29, permite una escritura en la memoria din\u00e1mica (heap) fuera de l\u00edmites debido a que se llama a memcpy() con un tama\u00f1o err\u00f3neo. Esto conduce a una denegaci\u00f3n de servicio (cierre inesperado de la aplicaci\u00f3n) o a una posible ejecuci\u00f3n de c\u00f3digo." } ], "id": "CVE-2017-10699", "lastModified": "2024-11-21T03:06:18.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-30T13:29:00.347", "references": [ { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038816" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://trac.videolan.org/vlc/ticket/18467" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2017/dsa-4045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1038816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://trac.videolan.org/vlc/ticket/18467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2017/dsa-4045" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:14
Severity ?
Summary
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "573B6617-9109-43AA-BD92-B211B6AB7BC4", "versionEndIncluding": "1.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session." 
}, { "lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el reproductor multimedia VideoLAN VLC anterior a 1.0.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de un flujo de bytes modificados en una sesi\u00f3n RTMP" } ], "id": "CVE-2010-1445", "lastModified": "2024-11-21T01:14:26.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:06.497", "references": [ { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-01-20 17:55
Modified
2024-11-21 01:35
Severity ?
Summary
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 1.1.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file." }, { "lang": "es", "value": "VLC media player v1.1.11, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una larga cadena en un archivo arm." } ], "id": "CVE-2012-0904", "lastModified": "2024-11-21T01:35:56.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-01-20T17:55:02.720", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0033.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18309" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/51255" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72085" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://archives.neohapsis.com/archives/bugtraq/2012-01/0033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/51255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14327" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-10 22:18
Modified
2024-11-21 00:53
Severity ?
Summary
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9 | |
videolan | vlc_media_player | 0.9.0 | |
videolan | vlc_media_player | 0.9.1 | |
videolan | vlc_media_player | 0.9.2 | |
videolan | vlc_media_player | 0.9.3 | |
videolan | vlc_media_player | 0.9.4 | |
videolan | vlc_media_player | 0.9.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2989A186-A580-47FE-A8B0-87FD0861D325", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en VideoLAN VLC media player v0.9.x anteriores a v0.9.6 permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero de subt\u00edtulo de RealText (rt), relativo a la funci\u00f3n ParseRealText en /modules/demux/subtitle.c. NOTA: Este problema es una parte de CVE-2008-5032 en 20081110." 
} ], "id": "CVE-2008-5036", "lastModified": "2024-11-21T00:53:08.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-10T22:18:34.490", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32569" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33315" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32125" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0810.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329" 
}, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=e3cef651125701a2e33a8d75b815b3e39681a447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498111/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-011.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0810.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7051" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-21 20:30
Modified
2024-11-21 01:12
Severity ?
Summary
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.8.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en VideoLAN VLC Media Player 0.8.6 permite a atacantes remotos asistidos por el usuario, ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero ogg con un fichero Advanced SubStation Alpha Subtitle (.ass) manipulado, probablemente en relaci\u00f3n con el campo Dialogue." } ], "id": "CVE-2010-0364", "lastModified": "2024-11-21T01:12:03.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-21T20:30:00.430", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11174" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37832" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14342" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-1684 — Vulnerability from fkie_nvd
Published
2014-03-03 16:55
Modified
2024-11-21 02:04
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P, source nvd@nist.gov)
Summary
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "09D32CDD-F68C-4202-BF38-31CE8E52914B", "versionEndIncluding": "2.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AA85720-8DE1-49C8-8A23-1739FBF42B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1161807-F82D-4B4B-BF1A-27FEBD7F8715", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E695AC57-C61E-4EE7-A5F1-94B086C03130", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3FB8545D-A954-4366-B807-6521356AAC18", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0716C113-BD32-4459-BA81-10E89128FE91", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D51EE394-663F-4692-AC6D-CA1E9D5BAFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72F82B8F-25FC-443C-8A96-A73A1E4FA4EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ACF50CC5-95CE-42EF-9606-5DF4C5CA5893", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "86A44FE9-FA19-4CB8-8E85-0034951B4C12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ASF_ReadObject_file_properties function in 
modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file." }, { "lang": "es", "value": "La funci\u00f3n ASF_ReadObject_file_properties en modules/demux/asf/libasf.c en el Demuxer ASF en VideoLAN VLC Media Player anterior a 2.1.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda) a trav\u00e9s de un tama\u00f1o m\u00ednimo y m\u00e1ximo de cero del paquete de datos en un archivo ASF." } ], "id": "CVE-2014-1684", "lastModified": "2024-11-21T02:04:49.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-03-03T16:55:04.287", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.elsherei.com/?p=269" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://trac.videolan.org/vlc/ticket/10482" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.elsherei.com/?p=269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://trac.videolan.org/vlc/ticket/10482" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2010-2062 — Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:15
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, source nvd@nist.gov)
Summary
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0594C8EB-509C-4D11-BEAC-9A6327641065", "versionEndIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n real_get_rdt_chunk en real.c, utilizado en modules/access/rtsp/real.c del reproductor multimedia VideoLAN VLC anterior a 1.0.1 y en stream/realrtsp/real.c en MPlayer anterior a r29447, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del valor longitud modificado en la cabecera RDT" } ], "id": "CVE-2010-2062", "lastModified": "2024-11-21T01:15:49.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:07.403", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2010/06/04/4" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2009/Jul/418" 
}, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dc74600c97eb834c08674676e209afa842053aca" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2010/06/04/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2009/Jul/418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-0522 — Vulnerability from fkie_nvd
Published
2011-02-07 21:00
Modified
2024-11-21 01:24
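Severity: MEDIUM (CVSS v2.0 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P, user interaction required, source nvd@nist.gov)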
Summary
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 1.1.0 | |
videolan | vlc_media_player | 1.1.1 | |
videolan | vlc_media_player | 1.1.2 | |
videolan | vlc_media_player | 1.1.3 | |
videolan | vlc_media_player | 1.1.4 | |
videolan | vlc_media_player | 1.1.5 | |
videolan | vlc_media_player | 1.1.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening \"\u003c\" without a closing \"\u003e\" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv." 
}, { "lang": "es", "value": "La funci\u00f3n StripTags en (1) el decodificador USF (modules/codec/subtitles/subsdec.c) y (2) el decodificador de texto (modules/codec/subtitles/subsusf.c) en VideoLAN VLC Media Player 1.1 antes de v1.1.6- rc permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un subt\u00edtulo con una abertura \"\u003c\" sin cierre \"\u003e\" en un fichero MKV, que provoca da\u00f1os en la memoria din\u00e1mica, como lo demuestra el uso refined-australia-blu720p-sample.mkv." } ], "id": "CVE-2011-0522", "lastModified": "2024-11-21T01:24:12.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-07T21:00:15.477", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html" }, { "source": "secalert@redhat.com", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8064" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/16108" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/7" }, { "source": 
"secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/9" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/46008" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0225" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65029" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git%3Ba=tag%3Bh=bb16813ddb61a53113c71bccc525559405785452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078607.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2011-January/078614.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/16108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/25/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/46008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65029" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12414" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-9625 — Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:21
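Severity: HIGH (CVSS v3.1 base score 7.8, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); MEDIUM under CVSS v2.0 (base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P). Both scores are from nvd@nist.gov; note that the two vectors disagree on the attack vector (local in v3.1, network in v2.0).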
Summary
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sa1501.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sa1501.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9B8F06-93FB-4A2B-B550-A30BD8F1C5D6", "versionEndExcluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an \"integer truncation\" vulnerability." }, { "lang": "es", "value": "La funci\u00f3n GetUpdateFile en el archivo misc/update.c en el Updater en el reproductor multimedia VLC de VideoLAN versiones anteriores a 2.1.6, realiza una operaci\u00f3n de conversi\u00f3n incorrecta de un entero de 64 bits a un entero de 32 bits, lo que permite a atacantes remotos llevar a cabo ataques de desbordamiento de b\u00fafer y ejecutar c\u00f3digo arbitrario por medio de un archivo de estado de actualizaci\u00f3n dise\u00f1ado, tambi\u00e9n se conoce como vulnerabilidad de tipo \"integer truncation\"." 
} ], "id": "CVE-2014-9625", "lastModified": "2024-11-21T02:21:16.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.333", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2019-12874 — Vulnerability from fkie_nvd
Published
2019-06-18 18:15
Modified
2024-11-21 04:23
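Severity: CRITICAL (CVSS v3.0 base score 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2.0 (base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P). Both scores are from nvd@nist.gov.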
Summary
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FEE589D-9D4E-42BE-B543-68940AE44A05", "versionEndIncluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en zlib_decompress_extra en m\u00f3dulos / demux / mkv / util.cpp en el reproductor de medios VideoLAN VLC 3.x a 3.0.7. El demuxer de Matroska, mientras analiza un tipo de archivo MKV con formato incorrecto, tiene un doble libre." } ], "id": "CVE-2019-12874", "lastModified": "2024-11-21T04:23:45.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2019-06-18T18:15:11.107", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/108882" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201908-23" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4074-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201908-23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4074-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-06 16:15
Modified
2024-11-21 07:23
Severity ?
Summary
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://twitter.com/0xMitsurugi | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2022/dsa-5297 | Third Party Advisory | |
cve@mitre.org | https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sb-vlc3018.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/0xMitsurugi | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5297 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sb-vlc3018.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A1B9D3B-39FF-4F91-8926-2673A3A3F7CB", "versionEndIncluding": "3.0.17.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions." }, { "lang": "es", "value": "Un desbordamiento de enteros en el m\u00f3dulo VNC en VideoLAN VLC Media Player hasta la versi\u00f3n 3.0.17.4 permite a los atacantes, al enga\u00f1ar a un usuario para que abra una lista de reproducci\u00f3n manipulada se conecte a un servidor VNC fraudulento, bloquear VLC o ejecutar c\u00f3digo bajo algunas condiciones." 
} ], "id": "CVE-2022-41325", "lastModified": "2024-11-21T07:23:03.263", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-12-06T16:15:11.173", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://twitter.com/0xMitsurugi" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5297" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc3018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://twitter.com/0xMitsurugi" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://www.synacktiv.com/sites/default/files/2022-11/vlc_vnc_int_overflow-CVE-2022-41325.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc3018.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-26 19:44
Modified
2024-11-21 00:43
Severity ?
Summary
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
miro | miro_player | * | |
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:miro:miro_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3716EED-983F-4088-8CF0-18EF18D4A9B6", "versionEndIncluding": "1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "A14F15BC-28B2-4DCF-86CC-8213DD66402C", "versionEndIncluding": "0.8.6d", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file." }, { "lang": "es", "value": "El demultiplexor MP4 (mp4.c) para el reproductor multimedia VLC versi\u00f3n 0.8.6d y anterior, tal y como es usado en Miro Player versi\u00f3n 1.1 y anteriores, permite a los atacantes remotos sobrescribir la memoria arbitraria y ejecutar c\u00f3digo arbitrario por medio de un archivo MP4 malformado." 
} ], "id": "CVE-2008-0984", "lastModified": "2024-11-21T00:43:22.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-26T19:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29122" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29153" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item\u0026id=2147" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488841/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28007" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019510" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.videolan.org/security/sa0802.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2008/0682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060481.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/?action=item\u0026id=2147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488841/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.videolan.org/security/sa0802.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0682" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-27 22:30
Modified
2024-11-21 00:33
Severity ?
Summary
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F8F90CE-B1A4-4409-8FF3-65AB5B9A5A82", "versionEndIncluding": "0.8.6b", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used." }, { "lang": "es", "value": "input.c en VideoLAN VLC Media Player anterior a 0.8.6c permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un fichero WAV artesanal que provoca que una variable i_nb_resamplers no inicializada sea usada." } ], "id": "CVE-2007-3468", "lastModified": "2024-11-21T00:33:18.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-27T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/38992" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25980" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1332" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-26 17:15
Modified
2024-11-21 05:55
Severity ?
Summary
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E929B0B-DD5D-46E5-BD58-AD1229FA9307", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A NULL-pointer dereference in \"Open\" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application." }, { "lang": "es", "value": "Una desreferencia de puntero NULL en \"Open\" en el archivo avi.c de VideoLAN VLC Media Player versi\u00f3n 3.0.11, puede causar una denegaci\u00f3n de servicio (DOS) en la aplicaci\u00f3n" } ], "id": "CVE-2021-25804", "lastModified": "2024-11-21T05:55:28.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-26T17:15:07.887", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-26 17:15
Modified
2024-11-21 05:55
Severity ?
Summary
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E929B0B-DD5D-46E5-BD58-AD1229FA9307", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el componente vlc_input_attachment_New de VideoLAN VLC Media Player versi\u00f3n 3.0.11, permite a atacantes causar una lectura fuera de l\u00edmites por medio de un archivo .avi dise\u00f1ado" } ], "id": "CVE-2021-25803", "lastModified": "2024-11-21T05:55:27.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-26T17:15:07.850", "references": [ { "source": "cve@mitre.org", "tags": 
[ "Vendor Advisory" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-15 18:15
Modified
2024-11-21 04:35
Severity ?
Summary
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://hg.libsdl.org/SDL_image/ | Release Notes, Third Party Advisory | |
cve@mitre.org | https://bugs.gentoo.org/721940 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b | ||
cve@mitre.org | https://www.videolan.org/security/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://hg.libsdl.org/SDL_image/ | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/721940 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "4334FB75-63E7-449C-9B41-71B529C68976", "versionEndExcluding": "3.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product." }, { "lang": "es", "value": "Un error por un paso en la funci\u00f3n DecodeBlock en el archivo codec/sdl_image.c en reproductor multimedia VideoLAN VLC versiones anteriores a 3.0.9, permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria) por medio de un archivo de imagen dise\u00f1ado. NOTA: esto puede estar relacionado con el producto SDL_Image." } ], "id": "CVE-2019-19721", "lastModified": "2024-11-21T04:35:15.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-15T18:15:13.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "http://hg.libsdl.org/SDL_image/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://bugs.gentoo.org/721940" }, { "source": "cve@mitre.org", "url": "https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "http://hg.libsdl.org/SDL_image/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://bugs.gentoo.org/721940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-193" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-01-03 20:00
Modified
2024-11-21 01:19
Severity ?
Summary
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2892571F-CA1A-49B9-8810-E642D13AD611", "versionEndIncluding": "1.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de entero en real.c en el complemento Real demuxer en VideoLAN VLC Media Player anterior a v1.1.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un valor cero i_subpackets en un archivo de Real Media, que conduce a un desbordamiento de b\u00fafer basado en mont\u00f3n .." 
} ], "id": "CVE-2010-3907", "lastModified": "2024-11-21T01:19:52.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-01-03T20:00:42.607", "references": [ { "source": "security@ubuntu.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55" }, { "source": "security@ubuntu.com", "url": "http://www.cs.brown.edu/people/drosenbe/research.html" }, { "source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/45632" }, { "source": "security@ubuntu.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1007.html" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3345" }, { "source": "security@ubuntu.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64461" }, { "source": "security@ubuntu.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=6568965770f906d34d4aef83237842a5376adb55" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cs.brown.edu/people/drosenbe/research.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://www.videolan.org/security/sa1007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13950" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 19:15
Modified
2024-11-21 04:26
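Severity: MEDIUM (NVD CVSS v3.0 base score 5.5, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; CVSS v2 base score 4.3, MEDIUM)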
Summary
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack." }, { "lang": "es", "value": "En VideoLAN VLC Media Player versi\u00f3n 3.0.7.1, hay una desreferencia del puntero NULL en la funci\u00f3n SeekPercent del archivo demux/asf/asf.c, lo que conllevar\u00e1 a un ataque de denegaci\u00f3n de servicio." 
} ], "id": "CVE-2019-14534", "lastModified": "2024-11-21T04:26:55.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T19:15:13.350", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-04-19 21:55
Modified
2024-11-21 01:39
Severity: MEDIUM (NVD CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P; no CVSS v3 metric in this record)
Summary
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file." }, { "lang": "es", "value": "VideoLAN VLC media player v2.0.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de divisi\u00f3n por cero y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo MP4 modificado." } ], "evaluatorComment": "http://cwe.mitre.org/data/definitions/369.html \u0027CWE-369: Divide By Zero\u0027", "id": "CVE-2012-2396", "lastModified": "2024-11-21T01:39:00.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-04-19T21:55:01.287", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18757/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/18757/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-22 05:15
Modified
2024-11-21 08:29
Severity: HIGH (NVD CVSS v3.1 base score 7.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Summary
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.videolan.org/security/sb-vlc3019.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sb-vlc3019.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F663974-91B4-4FBC-A97C-8ED5CCFCD59C", "versionEndExcluding": "3.0.19", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM." }, { "lang": "es", "value": "Existe una vulnerabilidad de secuestro binario en el reproductor multimedia VideoLAN VLC anterior a 3.0.19 en Windows. El desinstalador intenta ejecutar c\u00f3digo con privilegios elevados desde una ubicaci\u00f3n de escritura est\u00e1ndar por parte del usuario. Los usuarios est\u00e1ndar pueden usar esto para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM." 
} ], "id": "CVE-2023-46814", "lastModified": "2024-11-21T08:29:21.657", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-22T05:15:07.837", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc3019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc3019.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-14 19:55
Modified
2024-11-21 02:08
Severity: MEDIUM (NVD CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:N/A:P; no CVSS v3 metric in this record)
Summary
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D2C5AC1-6402-4F53-8AA4-584FFBA40E02", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "codec\\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file." }, { "lang": "es", "value": "codec\\libpng_plugin.dll en VideoLAN VLC Media Player 2.1.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo .png manipulado, tal y como fue demostrado por un png en un archivo .wave." } ], "id": "CVE-2014-3441", "lastModified": "2024-11-21T02:08:06.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-14T19:55:13.153", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/67315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://www.securityfocus.com/bid/67315" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-23 21:29
Modified
2024-11-21 03:33
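Severity: MEDIUM (NVD CVSS v3.0 base score 5.5, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; CVSS v2 base score 4.3, MEDIUM)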
Summary
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.2.0 | |
videolan | vlc_media_player | 2.2.1 | |
videolan | vlc_media_player | 2.2.2 | |
videolan | vlc_media_player | 2.2.3 | |
videolan | vlc_media_player | 2.2.4 | |
videolan | vlc_media_player | 2.2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECBAF91B-1BC9-4029-ADFC-506FAA3F6C93", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D0E28DE-2CAC-42CD-A8DF-2659AA135772", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4F39D96-FC35-4063-BB22-2A4CA6C788D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EF54451-B67D-4003-991F-8D306C5ED782", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38860D21-A9DB-49CD-A8CD-3323F98D111F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F4EC0BA2-715C-4DAD-974D-EFBD3BA51944", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file." }, { "lang": "es", "value": "Lectura de fuera de l\u00edmites del heap en la funci\u00f3n CreateHtmlSubtitle en VLC versiones 2.2.x de VideoLAN, debido a la falta de comprobaci\u00f3n de terminaci\u00f3n de cadena permite a los atacantes leer datos m\u00e1s all\u00e1 de la memoria asignada y potencialmente bloquear el proceso (causando una denegaci\u00f3n de servicio) por medio de un archivo de subt\u00edtulos especialmente dise\u00f1ados." 
} ], "id": "CVE-2017-8310", "lastModified": "2024-11-21T03:33:44.883", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-23T21:29:00.180", "references": [ { "source": "cve@checkpoint.com", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "source": "cve@checkpoint.com", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "cve@checkpoint.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98638" }, { "source": "cve@checkpoint.com", "url": "https://security.gentoo.org/glsa/201707-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-10" } ], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 19:15
Modified
2024-11-21 04:27
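Severity: HIGH (NVD CVSS v3.0 base score 7.8, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; CVSS v2 base score 6.8, MEDIUM)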
Summary
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free." }, { "lang": "es", "value": "El m\u00e9todo mkv::virtual_segment_c::seek del archivo demux/mkv/virtual_segment.cpp en VideoLAN VLC media player versi\u00f3n 3.0.7.1, presenta un uso de la memoria previamente liberada." 
} ], "id": "CVE-2019-14778", "lastModified": "2024-11-21T04:27:20.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T19:15:13.570", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:21
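Severity: HIGH (NVD CVSS v3.1 base score 7.8, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; CVSS v2 base score 6.8, MEDIUM)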
Summary
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sa1501.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sa1501.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9B8F06-93FB-4A2B-B550-A30BD8F1C5D6", "versionEndExcluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7." }, { "lang": "es", "value": "La funci\u00f3n MP4_ReadBox_String en el archivo modules/demux/mp4/libmp4.c en el reproductor multimedia VLC de VideoLAN versiones anteriores a 2.1.6, permite a atacantes remotos desencadenar un malloc involuntario de tama\u00f1o cero y llevar a cabo ataques de desbordamiento del b\u00fafer, y en consecuencia ejecutar c\u00f3digo arbitrario, por medio de un tama\u00f1o de caja de 7." 
} ], "id": "CVE-2014-9628", "lastModified": "2024-11-21T02:21:17.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.520", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-16 23:28
Modified
2024-11-21 00:25
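Severity (CVE-2007-0256, NVD primary): CVSS 2.0 base 7.8 HIGH (AV:N/AC:L/Au:N/C:N/I:N/A:C); no CVSS 3.x score in the record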
Summary
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.8.6a |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file." }, { "lang": "es", "value": "VideoLAN VLC 0.8.6a permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un fichero .wmv manipulado." } ], "id": "CVE-2007-0256", "lastModified": "2024-11-21T00:25:22.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-16T23:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/39022" }, { "source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6b" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/22003" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/22003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14698" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 19:15
Modified
2024-11-21 04:27
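Severity (CVE-2019-14776, NVD primary): CVSS 3.0 base 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSS 2.0 base 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)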
Summary
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file." }, { "lang": "es", "value": "Se presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n DemuxInit() en el archivo demux/asf/asf.c en VideoLAN VLC media player versi\u00f3n 3.0.7.1 por medio de un archivo .mkv dise\u00f1ado." 
} ], "id": "CVE-2019-14776", "lastModified": "2024-11-21T04:27:19.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T19:15:13.430", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-20 16:41
Modified
2024-11-21 00:49
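Severity (CVE-2008-3732, NVD primary): CVSS 2.0 base 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C); no CVSS 3.x score in the record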
Summary
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.8.6i |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n Open en modules/demux/tta.c de VLC Media Player 0.8.6i, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o puede que ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero TTA manipulado; esto conlleva a un desbordamiento de b\u00fafer basado en mont\u00edculo. NOTA: algunos de estos detalles se han obtenido de fuentes de terceros." 
} ], "id": "CVE-2008-3732", "lastModified": "2024-11-21T00:49:59.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-08-20T16:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31512" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4170" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.16.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30718" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2394" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44510" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4170" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.16.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6252" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:14
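Severity (CVE-2010-1443, NVD primary): CVSS 2.0 base 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P); no CVSS 3.x score in the record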
Summary
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "573B6617-9109-43AA-BD92-B211B6AB7BC4", "versionEndIncluding": "1.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document." }, { "lang": "es", "value": "La funci\u00f3n parse_track_node en modules/demux/playlist/xspf.c en el analizador de lista de reproducci\u00f3n XSPF de VideoLAN VLC anterior a 1.0.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un elemento vac\u00edo en un documento XML Shareable Playlist Format (XSPF)." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e", "id": "CVE-2010-1443", "lastModified": "2024-11-21T01:14:26.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:04.307", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=8902488ba529c0cf4c903a8a84ff20b5737cc753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-16 22:00
Modified
2024-11-21 00:41
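Severity (CVE-2008-0296, NVD primary): CVSS 2.0 base 10.0 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C); no CVSS 3.x score in the record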
Summary
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows | * | |
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "A14F15BC-28B2-4DCF-86CC-8213DD66402C", "versionEndIncluding": "0.8.6d", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el plugin libaccess_realrtsp de VideoLAN VLC Media Player 0.8.6d y versiones anteriores en Windows, podr\u00eda permitir a servidores RTSP remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) \u00f3 ejecutar c\u00f3digo de su elecci\u00f3n mediante una cadena larga." 
} ], "id": "CVE-2008-0296", "lastModified": "2024-11-21T00:41:36.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-16T22:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14597" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-26 10:39
Modified
2024-11-21 01:44
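Severity (CVE-2012-5470, NVD primary): CVSS 2.0 base 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:N/A:P); no CVSS 3.x score in the record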
Summary
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file." }, { "lang": "es", "value": "libpng_plugin en VideoLAN VLC media player v2.0.3 permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero PNG manipulado." } ], "evaluatorComment": "Per http://www.videolan.org/security/sa1203.html\r\n\r\nWhen parsing an invalid PNG image file, a buffer overflow might occur.", "id": "CVE-2012-5470", "lastModified": "2024-11-21T01:44:42.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-10-26T10:39:16.610", "references": [ { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2012/10/24/3" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/21889/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/55850" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15540" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/10/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/21889/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15540" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-23 21:55
Modified
2024-11-21 01:59
Severity
7.5 (HIGH) - CVSS v2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary)
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/65139 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65139 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | 2013-11-26 | |
videolan | vlc_media_player | * (before 2.1.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-26:*:*:*:*:*:*:*", "matchCriteriaId": "DCB033D9-C10C-428C-A7EF-DCF113967A19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CC766DE-C9B4-4067-B90F-37DBB63EEFE0", "versionEndExcluding": "2.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933." }, { "lang": "es", "value": "La funci\u00f3n parseRTSPRequestString en Live Networks Live555 Streaming Media 2013.11.26, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un car\u00e1cter en blanco en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de b\u00fafer. NOTA: esta vulnerabilidad existe por una soluci\u00f3n incompleta en CVE-2013-6933." 
} ], "id": "CVE-2013-6934", "lastModified": "2024-11-21T01:59:59.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-23T21:55:04.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65139" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-07 16:15
Modified
2024-11-21 08:30
Severity
9.8 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
Summary
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (before 3.0.20) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB882C-531D-4002-9CAB-98A0C6EDC382", "versionEndExcluding": "3.0.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption." }, { "lang": "es", "value": "Videolan VLC anterior a la versi\u00f3n 3.0.20 contiene una lectura de desplazamiento incorrecta que provoca un desbordamiento del b\u00fafer en la funci\u00f3n GetPacket() y provoca da\u00f1os en la memoria." } ], "id": "CVE-2023-47359", "lastModified": "2024-11-21T08:30:11.663", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-07T16:15:29.140", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://0xariana.github.io/blog/real_bugs/vlc/mms" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00034.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ 
{ "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 18:15
Modified
2024-11-21 04:26
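Severity
7.8 (HIGH) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
6.8 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary)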
Summary
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file." }, { "lang": "es", "value": "La funci\u00f3n xiph_SplitHeaders en el archivo modules/demux/xiph.h en VideoLAN VLC media player versi\u00f3n 3.0.7.1, no comprueba los l\u00edmites de la matriz apropiadamente. Como resultado, puede ser activada una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un archivo .ogg dise\u00f1ado." 
} ], "id": "CVE-2019-14437", "lastModified": "2024-11-21T04:26:44.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T18:15:12.127", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-129" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-16 16:30
Modified
2024-11-21 01:04
Severity
9.3 (HIGH) - CVSS v2.0, AV:N/AC:M/Au:N/C:C/I:C/A:C (nvd@nist.gov, Primary)
Summary
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9.9 | |
microsoft | windows | * (platform condition, not itself marked vulnerable) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n Win32AddConnection en modules/access/smb.c en VideoLAN VLC media player v0.9.9, cuando se ejecuta en Microsoft Windows, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una smb URI larga en un archivo de lista de reproducci\u00f3n." 
} ], "id": "CVE-2009-2484", "lastModified": "2024-11-21T01:04:59.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-16T16:30:00.500", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35558" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9029" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/35500" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1714" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=e60a9038b13b5eb805a76755efc5c6d5e080180f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/35500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14800" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 21:15
Modified
2024-11-21 04:44
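Severity
5.5 (MEDIUM) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (nvd@nist.gov, Primary)
4.3 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:N/A:P (nvd@nist.gov, Primary)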
Summary
Double Free in VLC versions <= 3.0.6 leads to a crash.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B495DB-9B59-48DE-9B22-7AB48CDBBF2B", "versionEndIncluding": "3.0.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*", "matchCriteriaId": "398716BC-E609-4338-BAB9-7CB2A78599BC", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*", "matchCriteriaId": "C84D9410-31B7-421A-AD99-8ED2E45A9BC6", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash." }, { "lang": "es", "value": "Una vulnerabilidad de Doble Liberaci\u00f3n en VLC versiones anteriores a 3.0.6 (incluida), conlleva a un bloqueo." 
} ], "id": "CVE-2019-5460", "lastModified": "2024-11-21T04:44:58.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T21:15:12.320", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], 
"url": "https://hackerone.com/reports/503208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://hackerone.com/reports/503208" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-15 00:00
Modified
2024-11-21 00:51
Severity
6.8 (MEDIUM) - CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary)
Summary
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison." }, { "lang": "es", "value": "Error de \u00edndice de array en VLC media player 0.9.2 permite a atacantes remotos sobrescribir memoria de su elecci\u00f3n y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero lista de reproduccio\u00b4n XSPF con una etiqueta con identificador negativo, lo cual pasa una comparaci\u00f3n firmada." } ], "id": "CVE-2008-4558", "lastModified": "2024-11-21T00:51:58.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-10-15T00:00:00.710", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32267" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/vlc-xspf-memory-corruption" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/6756" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497354/100/0/threaded" 
}, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31758" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2826" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45869" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/vlc-xspf-memory-corruption" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/6756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497354/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14726" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:14
Severity
7.5 (HIGH) - CVSS v2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P (nvd@nist.gov, Primary)
Summary
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "573B6617-9109-43AA-BD92-B211B6AB7BC4", "versionEndIncluding": "1.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder." }, { "lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el reroductor multimedia VideoLAN VLC 1.0.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s un flujo de bytes modificados a (1) A/52, (2) DTS, o (3) MPEG decodificador de audio." 
} ], "id": "CVE-2010-1441", "lastModified": "2024-11-21T01:14:26.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:00.090", "references": [ { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-28 16:55
Modified
2024-11-21 01:18
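Severity: HIGH — CVSS v2.0 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C), from the NVD primary metric in the record below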
Summary
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F99F1B7-6879-4FE2-87F6-5C3079E6D4E6", "versionEndIncluding": "1.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a \"dangling pointer vulnerability.\"" }, { "lang": "es", "value": "libdirectx_plugin.dll del reproductor multimedia VideoLAN VLC en versiones anteriores a la 1.1.8 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una anchura modificada de un fichero AMV. Relacionado con una vulnerabilidad de puntero no liberado." 
} ], "id": "CVE-2010-3275", "lastModified": "2024-11-21T01:18:25.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-03-28T16:55:02.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43826" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8162" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025250" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2211" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/17048" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/71277" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47012" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/17048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.metasploit.com/modules/exploit/windows/browser/vlc_amv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/71277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14718" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:21
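Severity: MEDIUM — CVSS v2.0 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), from the NVD primary metric in the record below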
Summary
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E7A286D-5BC7-4D8A-A33F-A1974B5FCA25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file." }, { "lang": "es", "value": "La funci\u00f3n picture_Release en misc/picture.c en el reproductor multimedia VideoLAN VLC 2.1.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (violaci\u00f3n de acceso a escritura) a trav\u00e9s de un archivo modificado M2V" } ], "id": "CVE-2014-9598", "lastModified": "2024-11-21T02:21:12.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-21T15:17:10.027", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "cve@mitre.org", "url": "https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt" }, { "source": 
"cve@mitre.org", "url": "https://trac.videolan.org/vlc/ticket/13390" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.videolan.org/vlc/ticket/13390" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-07-07 23:41
Modified
2024-11-21 00:46
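Severity: HIGH — CVSS v2.0 base score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C), from the NVD primary metric in the record below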
Summary
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_nt | * | |
videolan | vlc_media_player | 0.8.6h |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file." }, { "lang": "es", "value": "Desbordamiento de entero en la Funci\u00f3n Open en modules/demux/wav.c en VLC Media Player 0.8.6h ejecutado sobre Windows, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fragmento fmt de gran tama\u00f1o en un archivo WAV." 
} ], "id": "CVE-2008-2430", "lastModified": "2024-11-21T00:46:52.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-07T23:41:00.000", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30601" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/31317" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2008-29/advisory/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/3976" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/493849/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/30058" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securitytracker.com/id?1020429" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/1995/references" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344" }, { "source": 
"PSIRT-CNA@flexerasoftware.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2008-29/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493849/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1995/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-12-06 02:46
Modified
2024-11-21 00:39
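Severity: MEDIUM — CVSS v2.0 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), from the NVD primary metric in the record below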
Summary
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.8.6 | |
videolan | vlc_media_player | 0.8.6a | |
videolan | vlc_media_player | 0.8.6b |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\"" }, { "lang": "es", "value": "Cierto control ActiveX de axvlc.dll en VideoLAN VLC 0.8.6 anterior a 0.8.6d permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos manipulados a las funciones (1) addTarget, (2) getVariable, o (3) setVariable, resultando en un \"puntero mal inicializado\", tambi\u00e9n conocido como una \"vulnerabilidad recursiva de liberaci\u00f3n de extensi\u00f3n\"." 
} ], "id": "CVE-2007-6262", "lastModified": "2024-11-21T00:39:43.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-12-06T02:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27878" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3420" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item\u0026id=2035" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/26675" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/sa0703.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/4061" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/?action=item\u0026id=2035" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/26675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/sa0703.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/4061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2019-14777
Vulnerability from fkie_nvd
Published
2019-08-29 19:15
Modified
2024-11-21 04:27
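Severity: 6.8 MEDIUM (CVSS v2, AV:N/AC:M/Au:N/C:P/I:P/A:P); 7.8 HIGH (CVSS v3.0, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), both from nvd@nist.gov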
Summary
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free." }, { "lang": "es", "value": "La funci\u00f3n Control del archivo demux/mkv/mkv.cpp en VideoLAN VLC media player versi\u00f3n 3.0.7.1, presenta un uso de la memoria previamente liberada." } ], "id": "CVE-2019-14777", "lastModified": "2024-11-21T04:27:19.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": 
"3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T19:15:13.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-1684
Vulnerability from fkie_nvd
Published
2011-05-03 20:55
Modified
2024-11-21 01:26
Severity: 6.8 MEDIUM (CVSS v2, AV:N/AC:M/Au:N/C:P/I:P/A:P), from nvd@nist.gov
Summary
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 1.0.0 | |
videolan | vlc_media_player | 1.0.1 | |
videolan | vlc_media_player | 1.0.2 | |
videolan | vlc_media_player | 1.0.3 | |
videolan | vlc_media_player | 1.0.4 | |
videolan | vlc_media_player | 1.0.5 | |
videolan | vlc_media_player | 1.0.6 | |
videolan | vlc_media_player | 1.1.0 | |
videolan | vlc_media_player | 1.1.1 | |
videolan | vlc_media_player | 1.1.2 | |
videolan | vlc_media_player | 1.1.3 | |
videolan | vlc_media_player | 1.1.4 | |
videolan | vlc_media_player | 1.1.5 | |
videolan | vlc_media_player | 1.1.6 | |
videolan | vlc_media_player | 1.1.6.1 | |
videolan | vlc_media_player | 1.1.7 | |
videolan | vlc_media_player | 1.1.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n MP4_ReadBox_skcr en la biblioteca libmp4.c en el demultiplexor MP4 en el reproductor multimedia VLC de VideoLAN versiones 1.x anterior a 1.1.9, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo MP4." 
} ], "id": "CVE-2011-1684", "lastModified": "2024-11-21T01:26:47.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-05-03T20:55:11.840", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/11/17" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/13/14" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/04/13/17" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43890" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44022" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025373" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2218" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47293" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1103.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0916" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0954" }, { 
"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=5637ca8141bf39f263ecdb62035d2cb45c740821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/11/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/13/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/04/13/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14741" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2021-25802
Vulnerability from fkie_nvd
Published
2021-07-26 17:15
Modified
2024-11-21 05:55
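Severity: 5.8 MEDIUM (CVSS v2, AV:N/AC:M/Au:N/C:P/I:N/A:P); 7.1 HIGH (CVSS v3.1, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H), both from nvd@nist.gov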
Summary
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E929B0B-DD5D-46E5-BD58-AD1229FA9307", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el componente AVI_ExtractSubtitle de VideoLAN VLC Media Player versi\u00f3n 3.0.11 permite a atacantes causar una lectura fuera de los l\u00edmites por medio de un archivo .avi dise\u00f1ado" } ], "id": "CVE-2021-25802", "lastModified": "2024-11-21T05:55:27.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-26T17:15:07.817", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Patch", "Vendor Advisory" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-9743
Vulnerability from fkie_nvd
Published
2015-08-17 15:59
Modified
2024-11-21 02:21
Severity: 4.3 MEDIUM (CVSS v2, AV:N/AC:M/Au:N/C:N/I:P/A:N), from nvd@nist.gov
Summary
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "264503F7-BC8A-44D9-9BFF-A6C72FAAF091", "versionEndIncluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la funci\u00f3n httpd_HtmlError en network/httpd.c en la interfaz web en VideoLAN VLC Media Player en versiones anteriores a 2.2.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de informaci\u00f3n de ruta." } ], "id": "CVE-2014-9743", "lastModified": "2024-11-21T02:21:34.153", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-08-17T15:59:00.107", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/324" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/66307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.quantumleap.it/vlc-reflected-xss-vulnerability/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66307" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2010-1444
Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:14
Severity: 7.5 HIGH (CVSS v2, AV:N/AC:L/Au:N/C:P/I:P/A:P), from nvd@nist.gov
Summary
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "573B6617-9109-43AA-BD92-B211B6AB7BC4", "versionEndIncluding": "1.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive." }, { "lang": "es", "value": "El archivo descompresor ZIP en el reproductor multimedia VideoLAN VLC 1.0.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso inv\u00e1lido a memoria y ca\u00edda de la aplicaci\u00f3n) o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo modificado." 
} ], "id": "CVE-2010-1444", "lastModified": "2024-11-21T01:14:26.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:05.700", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=commit%3Bh=08813ee6f8eb0faf83790bd4247c0a97af75a1cf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2019-14970
Vulnerability from fkie_nvd
Published
2019-08-29 19:15
Modified
2024-11-21 04:27
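Severity: 6.8 MEDIUM (CVSS v2, AV:N/AC:M/Au:N/C:P/I:P/A:P); 7.8 HIGH (CVSS v3.0, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), both from nvd@nist.gov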
Summary
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file." }, { "lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n mkv::event_thread_t en VideoLAN VLC media player versi\u00f3n 3.0.7.1, permite a atacantes remotos desencadenar un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un archivo .mkv dise\u00f1ado." 
} ], "id": "CVE-2019-14970", "lastModified": "2024-11-21T04:27:47.877", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T19:15:13.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-30 19:55
Modified
2024-11-21 01:34
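Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary score, user interaction required)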
Summary
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AA85720-8DE1-49C8-8A23-1739FBF42B86", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file." 
}, { "lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en la funci\u00f3n get_chunk_header en modules/demux/ty.c en VideoLAN VLC media player v0.9.0 hasta v1.1.12 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero TiVo modificado (TY).\r\n" } ], "id": "CVE-2012-0023", "lastModified": "2024-11-21T01:34:14.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-10-30T19:55:03.527", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47325" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1026449" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/29/5" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/30/9" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/77975" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/51231" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1108.html" }, { "source": "secalert@redhat.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/71916" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=7d282fac1cc455b5a5eca2bb56375efcbf879b06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1026449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/29/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/30/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1108.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15893" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-01-25 19:00
Modified
2024-11-21 01:23
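Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary score, user interaction required)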
Summary
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2892571F-CA1A-49B9-8810-E642D13AD611", "versionEndIncluding": "1.1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer de la memoria din\u00e1mica en cdg.c del descodificador CDG para VideoLAN VLC Media Player anterior a v1.1.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un v\u00eddeo CDG manipulado" } ], "id": "CVE-2011-0021", "lastModified": "2024-11-21T01:23:08.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-01-25T19:00:04.370", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2" }, { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/01/19/6" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/01/20/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/45927" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0185" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/01/19/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/01/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12460" } ], 
"sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-24 20:55
Modified
2024-11-21 01:27
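Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; NVD primary score, user interaction required)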
Summary
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow." }, { "lang": "es", "value": "Vulnerabilidad de desbordamiento de entero en el analizador de lista de reproducci\u00f3n XSPF de VLC v0.8.5 a v1.1.9 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados que desencadenan un desbordamiento de b\u00fafer basado en memoria din\u00e1mica." 
} ], "id": "CVE-2011-2194", "lastModified": "2024-11-21T01:27:47.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-06-24T20:55:03.840", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44892" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2257" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48171" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1104.html" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1104.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14774" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-1775)
Published
2012-03-19 16:55
Modified
2024-11-21 01:37
Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; user interaction required)
Summary
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3591B2B6-9D24-4C6A-BDF6-7494F83AFF49", "versionEndIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99a:*:*:*:*:*:*:*", "matchCriteriaId": "EF646283-FBEF-4B71-865F-83D69E5B5348", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99c:*:*:*:*:*:*:*", "matchCriteriaId": "A6EB97D6-20A7-4BAC-BB23-AEF4F9801718", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99d:*:*:*:*:*:*:*", "matchCriteriaId": "BAE3E03E-4F93-4C4B-9748-BBB461E77EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D471A44E-78FB-47E2-A4D9-26148842D4B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:*:*:*:*:*:*:*", "matchCriteriaId": "55159344-9F98-4896-BB2D-D500102BE04E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1a:*:*:*:*:*:*:*", "matchCriteriaId": "DA2757CC-8491-4186-9D2D-C2D02A151083", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:test2:*:*:*:*:*:*", "matchCriteriaId": "086A0630-E837-482C-B402-7752D1047942", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:test3:*:*:*:*:*:*", "matchCriteriaId": "E2E714EE-40F1-49DA-886C-1F24C9E56520", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:test2:*:*:*:*:*:*", "matchCriteriaId": "EC6BC004-F036-4D5B-A28C-7DE3D7E235D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:test3:*:*:*:*:*:*", "matchCriteriaId": "92694DE5-F480-4647-BD9F-B0A184329269", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:test4:*:*:*:*:*:*", "matchCriteriaId": "986E669D-6631-4191-A78A-59D2AA370D1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2989A186-A580-47FE-A8B0-87FD0861D325", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "117878B7-E04F-400E-8E63-FFC5420978A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8815D85E-1556-40A8-9465-0200D720444B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1161807-F82D-4B4B-BF1A-27FEBD7F8715", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer Basado en pila en VideoLAN VLC media player antes de v2.0.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un stream MMS:// modificado a mano." 
} ], "id": "CVE-2012-1775", "lastModified": "2024-11-21T01:37:45.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-19T16:55:01.123", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commit%3Bh=11a95cce96fffdbaba1be6034d7b42721667821c" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/18825" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52550" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53391" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1201.html" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commit%3Bh=11a95cce96fffdbaba1be6034d7b42721667821c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/18825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53391" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1201.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14820" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-07 21:55
Modified
2024-11-21 01:27
Severity ?
Summary
sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed AMV file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "62B371E4-1DC2-421C-97C3-0C7D63634431", "versionEndIncluding": "0.6.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2649A80-4739-4BBB-AB0B-99AD435BE7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4A2E77D-B826-4B49-ADC8-7F704E149A5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "18157837-4550-45E3-A12E-AE06E047E253", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E9F42611-C3E2-416B-9AE7-A5AE83E4DEF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A20789F-26E3-4871-B24E-25E922BADDF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "67C6C243-3ACC-49C3-80CA-D7CA8FEFF0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6AE6D368-0BA6-4499-B7E1-EE16C03012E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "26C0F6EF-0452-4AFE-AF3E-B88F963A0938", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "5B4DD372-4D3B-445C-8C38-E083A3C0D4A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "733C03D7-2780-4D69-A98D-BCFB91D1119A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "0AEE1977-E9E0-4BFF-B33B-B083E49E51F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E6979C17-0BC6-47D1-9B73-254D84306A96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.8:*:*:*:*:*:*:*", 
"matchCriteriaId": "204C7C05-3441-4DB0-8702-D99C8FCB381E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.4.9:pre1:*:*:*:*:*:*", "matchCriteriaId": "2E1A7011-B992-4E35-B306-45772DACB23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8D486C17-FC4A-4AEE-A430-1B1FBCC2C27C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "632BC7C2-FE59-47B0-885C-0EB8C74DF041", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5D1AE0BF-A6FD-4EBA-BF61-07AC81EA560D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5B8FA106-FE65-4BB0-92A7-E8A5AF978A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "514669DA-8D02-44CE-BE18-8783F69AE394", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "37FBB817-A186-4517-9DA7-B3638576AAE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "157ABA40-6101-4E9C-A24C-84F8E23D374D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ffmpeg:libavcodec:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DA07753-777E-469D-BBBA-E300C8FDE9D9", "vulnerable": false }, { "criteria": "cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*", "matchCriteriaId": "B022E537-0A57-4F9A-941E-DA10CFF0FC0B", "versionEndIncluding": "0.6.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB86B78D-837D-481F-A6E8-F48501E08D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5056E88C-1F9D-4138-A291-D28CB6766D49", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "76D7B815-46FE-4EB6-A922-5B174B74F4D2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libav:libav:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ECC4210-D6A3-4ECC-A042-2107FD655A40", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "71EE1D87-553D-4EA6-BFA7-58CBA7819A01", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9CDE9C28-FCF7-4CF8-A657-780F18769980", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1607C08-0CAD-4148-9F0E-74E53D364156", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B957D8F4-F012-4FF5-87B5-3D31936004DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B9344E3-FBB0-4777-889A-D40438C3C560", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D53D47A-8946-4EB3-8A2B-4A87E0AADD11", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4F28C3ED-FE8A-4404-9CD7-9119373C6EC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "B473F20B-FE7F-4AB4-86AB-BE50E68A1E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "C5E0C3E3-7935-4569-B086-9C1CA048EE68", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "78EBAC6A-AAD3-4F7F-8500-C98EB2BD4468", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.4.9:pre1:*:*:*:*:*:*", "matchCriteriaId": "38A1F1CF-56FD-46C4-AABA-AA72648D7863", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "F27FF9C0-652E-42E8-90D0-B9B369DD6C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "CECEC54E-7014-447C-9174-8C2B026FF0B0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:libav:libav:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "ABD1BB7A-D6FF-4B80-9DA6-36D081FB41CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:libav:libav:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "530C27CC-3250-4C94-8D88-F423FFD0BD4B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "790E5A3C-CDBA-46B9-8C77-3C3905BC0760", "versionEndIncluding": "1.1.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": 
"A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) 
or possibly execute arbitrary code via a malformed AMV file." }, { "lang": "es", "value": "sp5xdec.c en el decodificador Sunplus SP5X JPEG en libavcodec en FFmpeg antes de v0.6.3 y libav hasta v0.6.2, tal y como se utiliza en VideoLAN VLC media player v1.1.9 y versiones anteriores y otros productos, realiza una operaci\u00f3n de escritura fuera de los l\u00edmites permitidos de un array no especificado, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo AMV mal formado." } ], "id": "CVE-2011-1931", "lastModified": "2024-11-21T01:27:20.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-07T21:55:02.087", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339" }, { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8299" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/517706" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f903b3d5ec38c9c5d90fba7e626fa0eda61a32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47602" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-19 16:55
Modified
2024-11-21 01:37
Severity ?
Summary
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "3591B2B6-9D24-4C6A-BDF6-7494F83AFF49", "versionEndIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99a:*:*:*:*:*:*:*", "matchCriteriaId": "EF646283-FBEF-4B71-865F-83D69E5B5348", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99c:*:*:*:*:*:*:*", "matchCriteriaId": "A6EB97D6-20A7-4BAC-BB23-AEF4F9801718", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99d:*:*:*:*:*:*:*", "matchCriteriaId": "BAE3E03E-4F93-4C4B-9748-BBB461E77EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D471A44E-78FB-47E2-A4D9-26148842D4B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:*:*:*:*:*:*:*", "matchCriteriaId": "55159344-9F98-4896-BB2D-D500102BE04E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1a:*:*:*:*:*:*:*", "matchCriteriaId": "DA2757CC-8491-4186-9D2D-C2D02A151083", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:test2:*:*:*:*:*:*", "matchCriteriaId": "086A0630-E837-482C-B402-7752D1047942", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:test3:*:*:*:*:*:*", "matchCriteriaId": "E2E714EE-40F1-49DA-886C-1F24C9E56520", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:test2:*:*:*:*:*:*", "matchCriteriaId": "EC6BC004-F036-4D5B-A28C-7DE3D7E235D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:test3:*:*:*:*:*:*", "matchCriteriaId": "92694DE5-F480-4647-BD9F-B0A184329269", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:test4:*:*:*:*:*:*", "matchCriteriaId": "986E669D-6631-4191-A78A-59D2AA370D1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", 
"matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2989A186-A580-47FE-A8B0-87FD0861D325", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "117878B7-E04F-400E-8E63-FFC5420978A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8815D85E-1556-40A8-9465-0200D720444B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1161807-F82D-4B4B-BF1A-27FEBD7F8715", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer de memoria din\u00e1mica en el reproductor multimedia VideoLAN VLC anteriores a 2.0.1. Permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un stream Real RTSP modificado." 
} ], "id": "CVE-2012-1776", "lastModified": "2024-11-21T01:37:45.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-19T16:55:01.170", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/80189" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52550" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1202.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/80189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14817" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 21:15
Modified
2024-11-21 04:44
Severity ?
Summary
An integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-bounds read.
References
Impacted products
Vendor | Product | Version
---|---|---
videolan | vlc_media_player | *
opensuse | backports_sle | 15.0
opensuse | backports | sle-15
opensuse | leap | 15.0
opensuse | leap | 15.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "288A8608-A671-415D-9BEC-C85098C8C51B", "versionEndExcluding": "3.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*", "matchCriteriaId": "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read." }, { "lang": "es", "value": "Un desbordamiento de enteros de VLC Media Player versiones anteriores a 3.0.7, conlleva a una lectura fuera de banda." 
} ], "id": "CVE-2019-5459", "lastModified": "2024-11-21T04:44:58.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T21:15:12.257", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://hackerone.com/reports/502816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/502816" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-23 14:15
Modified
2024-11-21 04:32
Severity ?
Summary
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.8 | |
microsoft | windows | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "EA10A2B1-215C-4BDD-99E2-28286ACC42B1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue." }, { "lang": "es", "value": "Al ejecutar el reproductor de medios VideoLAN VLC 3.0.8 con libqt en Windows, los datos de una direcci\u00f3n con errores controlan el flujo de c\u00f3digo a partir de libqt_plugin! Vlc_entry_license__3_0_0f + 0x00000000003b9aba. NOTA: el equipo de seguridad de VideoLAN indica que no han sido contactados y no tienen forma de reproducir este problema." 
} ], "id": "CVE-2019-18278", "lastModified": "2024-11-21T04:32:57.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-23T14:15:10.667", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://code610.blogspot.com/2019/10/random-bytes-in-vlc-308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-18 20:15
Modified
2024-11-21 04:25
Severity ?
Summary
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
opensuse | backports_sle | 15.0 | |
opensuse | backports_sle | 15.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "37AFF938-87B1-47C3-A243-2880AB4DCBFC", "versionEndIncluding": "3.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height." 
}, { "lang": "es", "value": "lavc_CopyPicture en modules / codec / avcodec / video.c en el reproductor de medios VideoLAN VLC a trav\u00e9s de 3.0.7 tiene una lectura en exceso del b\u00fafer basado en el mont\u00f3n porque no valida correctamente el ancho y la altura." } ], "id": "CVE-2019-13962", "lastModified": "2024-11-21T04:25:47.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-18T20:15:12.163", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", 
"Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109306" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://trac.videolan.org/vlc/ticket/22240" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://trac.videolan.org/vlc/ticket/22240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-22 00:11
Modified
2024-11-21 00:52
Severity ?
Summary
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9 | |
videolan | vlc_media_player | 0.9.1 | |
videolan | vlc_media_player | 0.9.2 | |
videolan | vlc_media_player | 0.9.3 | |
videolan | vlc_media_player | 0.9.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2989A186-A580-47FE-A8B0-87FD0861D325", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n parse_master en el plugin modules/demux/ty.c) en VLC Media Player v0.9.0 a la 0.9.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo TiVo TY con una cabecera que contiene un valor de tama\u00f1o manipulado." 
} ], "id": "CVE-2008-4654", "lastModified": "2024-11-21T00:52:12.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-10-22T00:11:51.147", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726" }, { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033" }, { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32339" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4460" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497587/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/31813" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-010.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0809.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2856" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45960" }, { "source": 
"cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fde9e1cc1fe1ec9635169fa071e42b3aa6436033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=26d92b87bba99b5ea2e17b7eaa39c462d65e9133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/19/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497587/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-010.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0809.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14803" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" 
} ] }
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:21
Severity ?
Summary
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sa1501.html | Third Party Advisory, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sa1501.html | Third Party Advisory, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9B8F06-93FB-4A2B-B550-A30BD8F1C5D6", "versionEndExcluding": "2.1.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "98F1290A-93D8-442E-BD60-6B7E25A21DB0", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value." }, { "lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n Encode en el archivo modules/codec/schroedinger.c en el reproductor multimedia VLC de VideoLAN versiones anteriores a 2.1.6 y versiones 2.2.x anteriores a 2.2.1, permite a atacantes remotos llevar a cabo ataques de desbordamiento de b\u00fafer y ejecutar c\u00f3digo arbitrario por medio de un valor de longitud dise\u00f1ado." 
} ], "id": "CVE-2014-9629", "lastModified": "2024-11-21T02:21:17.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-05 11:29
Modified
2024-11-21 03:58
Severity ?
Summary
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a cast in ReadKukiChunk() converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential information leak.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.4 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F251BF2-F741-4628-8EE3-7C5A33FAAD26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak." }, { "lang": "es", "value": "El demuxer CAF en modules/demux/caf.c en VideoLAN VLC media player 3.0.4 podr\u00eda leer memoria desde un puntero no inicializado al procesar cookies m\u00e1gicas en los archivos CAF. Esto se debe a que una conversi\u00f3n ReadKukiChunk() convierte un valor de retorno a un entero sin firmar, incluso aunque ese valor sea negativo. Esto podr\u00eda resultar en una denegaci\u00f3n de servicio (DoS) o una potencial divulgaci\u00f3n de informaci\u00f3n." 
} ], "id": "CVE-2018-19857", "lastModified": "2024-11-21T03:58:41.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-05T11:29:05.827", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106130" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dyntopia.com/advisories/013-vlc" }, { "source": "cve@mitre.org", "url": 
"https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4074-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dyntopia.com/advisories/013-vlc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4074-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4366" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-824" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 18:15
Modified
2024-11-21 04:26
Severity ?
Summary
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, a floating-point exception (FPE) can be triggered via a crafted WMV file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file." }, { "lang": "es", "value": "Se presenta un error de divisi\u00f3n por cero en la funci\u00f3n SeekIndex del archivo demux/asf/asf.c en VideoLAN VLC media player versi\u00f3n 3.0.7.1. Como resultado, puede ser activado un FPE por medio de un archivo WMV especialmente dise\u00f1ado." 
} ], "id": "CVE-2019-14535", "lastModified": "2024-11-21T04:26:55.497", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T18:15:12.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-28 16:29
Modified
2024-11-21 03:43
Severity ?
Summary
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code610.blogspot.com/2018/05/make-free-vlc.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/104293 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1041312 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.videolan.org/security/sa1801.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2018/05/make-free-vlc.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104293 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041312 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.videolan.org/security/sa1801.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.0 | |
videolan | vlc_media_player | 3.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "345A1BB5-F36B-4351-A784-9A64673E6597", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "26691980-AF81-41FD-B087-F191F17E5143", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file." }, { "lang": "es", "value": "La funci\u00f3n vlc_demux_chained_Delete en input/demux_chained.c en VideoLAN VLC media player 3.0.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n del heap y ca\u00edda de la aplicaci\u00f3n) o posiblemente tener otro impacto no especificado mediante un archivo .swf manipulado." } ], "id": "CVE-2018-11516", "lastModified": "2024-11-21T03:43:31.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-28T16:29:00.323", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2018/05/make-free-vlc.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104293" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041312" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.videolan.org/security/sa1801.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2018/05/make-free-vlc.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.videolan.org/security/sa1801.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-07 21:00
Modified
2024-11-21 01:24
Severity ?
Summary
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE93DBBF-A557-401F-8887-02E20FD35F92", "versionEndIncluding": "1.1.6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to \"class mismatching\" and the MKV_IS_ID macro." }, { "lang": "es", "value": "demux/mkv/mkv.hpp en el plugin MKV demuxer en VideoLAN VLC Media Player v1.1.6.1 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y ejecutar comandos arbitrarios a trav\u00e9s de un archivo MKV (Matroska o WebM) manipulado que realiza una corrupci\u00f3n de memoria, relacionado con \"class mismatching\" y la macro MKV_IS_ID." 
} ], "id": "CVE-2011-0531", "lastModified": "2024-11-21T01:24:13.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-07T21:00:16.697", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/70698" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43131" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43242" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2159" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/4" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/8" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46060" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025018" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1102.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0363" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65045" }, { "source": 
"secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=59491dcedffbf97612d2c572943b56ee4289dd07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/01/31/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1102.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12415" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-16 22:00
Modified
2024-11-21 00:41
Severity ?
Summary
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "A14F15BC-28B2-4DCF-86CC-8213DD66402C", "versionEndIncluding": "0.8.6d", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en modules/access/rtsp/real_sdpplin.c de la biblioteca Xine, tal y como se usa en VideoLAN VLC Media Player 0.8.6d y versiones anteriores, permite a atacantes remotos con la complicidad del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) \u00f3 ejecutar c\u00f3digo de su elecci\u00f3n mediante datos largos de Protocolo de Descripci\u00f3n de Sesi\u00f3n (SDP)." 
} ], "id": "CVE-2008-0295", "lastModified": "2024-11-21T00:41:36.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-16T22:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28383" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27221" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/vlcxhof-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27221" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-25 17:59
Modified
2024-11-21 02:34
Severity ?
Summary
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFA6D412-CB6A-470A-90DA-273D32F40259", "versionEndIncluding": "2.2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers." }, { "lang": "es", "value": "Vulnerabilidad en VideoLAN VLC media player 2.2.1, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo 3GP manipulado, lo que hace que se desencadene la liberaci\u00f3n de punteros arbitrarios." } ], "id": "CVE-2015-5949", "lastModified": "2024-11-21T02:34:11.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-08-25T17:59:05.133", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3342" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2015/08/20/3" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/08/20/8" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/536287/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%3Bhp=9e12195d3e4316278af1fa4bcb6a705ff27456fd" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "https://www.ocert.org/advisories/ocert-2015-009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/08/20/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/08/20/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536287/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%3Bhp=9e12195d3e4316278af1fa4bcb6a705ff27456fd" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "https://www.ocert.org/advisories/ocert-2015-009.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-26 18:36
Modified
2024-11-21 01:18
Severity ?
Summary
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B56F960-8A00-4DC1-9F0E-1C1211A1F8DB", "versionEndIncluding": "1.1.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file." }, { "lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en bin/winvlc.c de VLC Media Player v1.1.3 y anteriores permite a usuarios locales, y puede que atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n y producir un ataque de secuestro de DLL, a trav\u00e9s de un troyano wintab32.dll que est\u00e1 ubicado en la misma carpeta que un fichero .mp3." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027", "id": "CVE-2010-3124", "lastModified": "2024-11-21T01:18:05.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-26T18:36:35.530", "references": [ { "source": "cve@mitre.org", "url": 
"http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41107" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/14750" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/10" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/9" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2172" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41107" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/14750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-29 18:15
Modified
2024-11-21 04:26
Severity ?
Summary
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, a floating-point exception (FPE) can be triggered via a crafted CAF file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.7.1 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E70E115F-4E34-4944-BFB6-F523B54FC328", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file." }, { "lang": "es", "value": "Existe un error de divisi\u00f3n por cero en la funci\u00f3n Control del archivo demux/caf.c en VideoLAN VLC media player versi\u00f3n 3.0.7.1. Como resultado, puede ser activado un FPE por medio de un archivo CAF dise\u00f1ado." 
} ], "id": "CVE-2019-14498", "lastModified": "2024-11-21T04:26:52.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-29T18:15:12.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2019/dsa-4504" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Aug/36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4131-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc308.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-369" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-24 22:15
Modified
2024-11-21 02:21
Severity ?
Summary
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.videolan.org/security/sa1501.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2015/01/20/5 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.videolan.org/security/sa1501.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E9B8F06-93FB-4A2B-B550-A30BD8F1C5D6", "versionEndExcluding": "2.1.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7." }, { "lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n MP4_ReadBox_String en el archivo modules/demux/mp4/libmp4.c en el reproductor multimedia VLC de VideoLAN versiones anteriores a 2.1.6, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un tama\u00f1o de caja menor a 7." } ], "id": "CVE-2014-9626", "lastModified": "2024-11-21T02:21:16.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" 
}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-24T22:15:12.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/01/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sa1501.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-191" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-23 21:29
Modified
2024-11-21 03:33
Severity ?
Summary
Heap out-of-bounds read in ParseJSS in VideoLAN VLC, due to a missing check of string length, allows attackers to read uninitialized heap data via a crafted subtitles file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B2A32BA-56BB-429E-BD82-53DE10720894", "versionEndExcluding": "2.2.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file." }, { "lang": "es", "value": "Una lectura fuera del l\u00edmite de la pila en ParseJSS en VideoLAN VLC debido a la falta de comprobaci\u00f3n de longitud de la cadena permite a los atacantes leer datos no inicializados de la pila por medio de un archivo de subt\u00edtulos creado." 
} ], "id": "CVE-2017-8312", "lastModified": "2024-11-21T03:33:45.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-23T21:29:00.257", "references": [ { "source": "cve@checkpoint.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" }, { "source": "cve@checkpoint.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "cve@checkpoint.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98631" }, { "source": "cve@checkpoint.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201707-10" } ], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-10 19:55
Modified
2024-11-21 01:45
Severity ?
Summary
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
videolan | vlc_media_player | 2.0.0 | |
videolan | vlc_media_player | 2.0.1 | |
videolan | vlc_media_player | 2.0.2 | |
videolan | vlc_media_player | 2.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5C76C9C-1161-49AA-8108-167DC868473D", "versionEndIncluding": "2.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction." }, { "lang": "es", "value": "La funci\u00f3n SHAddToRecentDocs en VideoLAN VLC media player v2.0.4 y versiones anteriores podr\u00eda permitir a los atacantes asistidos por el usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un nombre de archivo especialmente dise\u00f1ado que genera una calculo de longitud de cadena incorrecto cuando se agrega el archivo a VLC. NOTA: no est\u00e1 claro si este problema puede saltarse los l\u00edmites de privilegio o si puede ser explotado sin la interacci\u00f3n del usuario." 
} ], "id": "CVE-2012-5855", "lastModified": "2024-11-21T01:45:22.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-07-10T19:55:01.347", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/524626" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=135274330022215\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/524626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16781" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-26 17:15
Modified
2024-11-21 05:55
Severity ?
Summary
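A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. Note: despite the "buffer overflow" wording, this record classifies the weakness as CWE-125 (out-of-bounds read) and its CVSS vectors list no integrity impact.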
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 3.0.11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E929B0B-DD5D-46E5-BD58-AD1229FA9307", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el componente __Parse_indx de VideoLAN VLC Media Player versi\u00f3n 3.0.11 permite a atacantes causar una lectura fuera de los l\u00edmites por medio de un archivo .avi dise\u00f1ado" } ], "id": "CVE-2021-25801", "lastModified": "2024-11-21T05:55:27.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-26T17:15:07.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" 
], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-5276)
Published
2008-12-03 17:30
Modified
2024-11-21 00:53
Severity: HIGH (CVSS v2 base score 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
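Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. (The CPE configuration in this record also marks 0.9.8 as vulnerable, so the description's version range and the impacted-products list do not agree; check the vendor advisory before treating 0.9.8 as unaffected.)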
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.9.0 | |
videolan | vlc_media_player | 0.9.1 | |
videolan | vlc_media_player | 0.9.2 | |
videolan | vlc_media_player | 0.9.3 | |
videolan | vlc_media_player | 0.9.4 | |
videolan | vlc_media_player | 0.9.5 | |
videolan | vlc_media_player | 0.9.6 | |
videolan | vlc_media_player | 0.9.7 | |
videolan | vlc_media_player | 0.9.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "117878B7-E04F-400E-8E63-FFC5420978A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "8815D85E-1556-40A8-9465-0200D720444B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow." 
}, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n ReadRealIndex en el archivo real.c en el Real demuxer plugin en reproductor multimedia VideoLAN VLC desde la versi\u00f3n 0.9.0 hasta 0.9.7, permite a los atacante remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de ficheros RealMedia (.rm) mal formados que lanzan un desbordamiento de b\u00fafer basado en mont\u00edculo." } ], "id": "CVE-2008-5276", "lastModified": "2024-11-21T00:53:42.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-03T17:30:00.417", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32942" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33315" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4680" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/50333" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498768/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32545" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-013.txt" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0811.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3287" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=d19de4e9f2211cbe5bde00726b66c47a424f4e07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/50333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498768/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-013.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0811.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14793" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] 
}
Vulnerability from fkie_nvd (CVE-2013-3565)
Published
2020-01-31 22:15
Modified
2024-11-21 01:53
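Severity: MEDIUM (CVSS v3.1 base score 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)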
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
opensuse | opensuse | 13.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC240283-0705-417E-80E1-3FB3E7407F3A", "versionEndExcluding": "2.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz HTTP en VideoLAN VLC Media Player versiones anteriores a 2.0.7, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) par\u00e1metro command en el archivo request/vlm_cmd.xml, (2) par\u00e1metro dir en el archivo request/browse.xml, o (3) URI en una petici\u00f3n, que es devuelta en un mensaje de error por medio del archivo share/lua/intf/http.lua." 
} ], "id": "CVE-2013-3565", "lastModified": "2024-11-21T01:53:53.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-31T22:15:10.213", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-3377)
Published
2012-07-12 21:55
Modified
2024-11-21 01:40
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E826C8D8-C5B9-4711-B50E-FB1CAC5A330A", "versionEndIncluding": "2.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99a:*:*:*:*:*:*:*", "matchCriteriaId": "EF646283-FBEF-4B71-865F-83D69E5B5348", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99c:*:*:*:*:*:*:*", "matchCriteriaId": "A6EB97D6-20A7-4BAC-BB23-AEF4F9801718", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99d:*:*:*:*:*:*:*", "matchCriteriaId": "BAE3E03E-4F93-4C4B-9748-BBB461E77EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D471A44E-78FB-47E2-A4D9-26148842D4B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:*:*:*:*:*:*:*", "matchCriteriaId": "55159344-9F98-4896-BB2D-D500102BE04E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", 
"matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1161807-F82D-4B4B-BF1A-27FEBD7F8715", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file." 
}, { "lang": "es", "value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n Ogg_DecodePacket en el demuxer OGG (modules/demux/ogg.c) en VideoLAN VLC media player antes de v2.0.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo modificado de tipo OGG." } ], "id": "CVE-2012-3377", "lastModified": "2024-11-21T01:40:44.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-12T21:55:07.920", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commitdiff%3Bh=16e9e126333fb7acb47d363366fee3deadc8331e" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49835" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54345" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027224" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://git.videolan.org/?p=vlc/vlc-2.0.git%3Ba=commitdiff%3Bh=16e9e126333fb7acb47d363366fee3deadc8331e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-17670)
Published
2017-12-15 09:29
Modified
2024-11-21 03:18
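Severity: HIGH (CVSS v3.0 base score 8.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)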
Summary
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2017/12/15/1 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/102214 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1040938 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4203 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/12/15/1 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102214 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040938 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4203 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB3504B1-D1E2-40BC-B565-C5390061580B", "versionEndIncluding": "2.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation." }, { "lang": "es", "value": "En VideoLAN VLC media player, hasta la versi\u00f3n 2.2.8, hay una vulnerabilidad de conversi\u00f3n de tipos en modules/demux/mp4/libmp4.c en el m\u00f3dulo MP4 demux que conduce a una liberaci\u00f3n no v\u00e1lida. Esto se debe a que el tipo de una caja podr\u00eda cambiarse entre una operaci\u00f3n de lectura y una de liberaci\u00f3n." 
} ], "id": "CVE-2017-17670", "lastModified": "2024-11-21T03:18:25.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-15T09:29:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/12/15/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102214" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040938" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/12/15/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4203" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-11-10 16:15
Modified
2024-11-21 00:53
Severity ?
Summary
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1a:*:*:*:*:*:*:*", "matchCriteriaId": "DA2757CC-8491-4186-9D2D-C2D02A151083", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:test2:*:*:*:*:*:*", "matchCriteriaId": "086A0630-E837-482C-B402-7752D1047942", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:test3:*:*:*:*:*:*", "matchCriteriaId": "E2E714EE-40F1-49DA-886C-1F24C9E56520", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:test2:*:*:*:*:*:*", "matchCriteriaId": "EC6BC004-F036-4D5B-A28C-7DE3D7E235D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:test3:*:*:*:*:*:*", "matchCriteriaId": "92694DE5-F480-4647-BD9F-B0A184329269", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:test4:*:*:*:*:*:*", "matchCriteriaId": "986E669D-6631-4191-A78A-59D2AA370D1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2989A186-A580-47FE-A8B0-87FD0861D325", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to 
modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el reproductor multimedia VideoLAN VLC versiones 0.5.0 hasta 0.9.5, podr\u00eda permitir a los atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio del encabezado de un archivo de imagen CUE no v\u00e1lido, relacionado con el archivo modules/access/vcd/cdrom.c. NOTA: este identificador originalmente inclu\u00eda un problema relacionado con RealText, pero a ese problema se le ha asignado un identificador separado, CVE-2008-5036." } ], "id": "CVE-2008-5032", "lastModified": "2024-11-21T00:53:07.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-11-10T16:15:12.157", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=5f63f1562d43f32331006c2c1a61742de031b84d" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32569" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33315" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "source": 
"cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498112/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32125" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-012.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0810.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46375" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=5f63f1562d43f32331006c2c1a61742de031b84d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200812-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/10/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498112/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32125" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.trapkit.de/advisories/TKADV2008-012.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0810.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14798" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-27 02:55
Modified
2024-11-21 01:28
Severity ?
Summary
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD0FF9C7-DA17-45DD-B352-D04ACAB4D958", "versionEndIncluding": "1.1.10.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n AVI_ChunkRead_strf en libavi.c en el demulpiplexor AVI en el reproductor multimedia VideoLAN VLC anterior a v1.1.11 ,permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero AVI manipulado." } ], "id": "CVE-2011-2588", "lastModified": "2024-11-21T01:28:32.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-27T02:55:02.273", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45066" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/48664" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1106.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=9c14964bd11482d5c1d6c0e223440f9f1e5b1831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1106.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14858" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-06 22:15
Modified
2024-11-21 01:53
Severity ?
Summary
The web interface in VideoLAN VLC media player before 2.0.7 has no access control, which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC240283-0705-417E-80E1-3FB3E7407F3A", "versionEndExcluding": "2.0.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the \u0027dir\u0027 command or issue other commands without authenticating." }, { "lang": "es", "value": "La interfaz web en el reproductor multimedia VideoLAN VLC versiones anteriores a 2.0.7, no presentan un control de acceso, lo que permite a atacantes remotos visualizar los listados de directorios por medio del comando \"dir\" o emitir otros comandos sin autenticarse." } ], "id": "CVE-2013-3564", "lastModified": "2024-11-21T01:53:53.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-02-06T22:15:10.497", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-23 21:29
Modified
2024-11-21 03:33
Severity ?
Summary
Heap out-of-bounds read in ParseJSS in VideoLAN VLC before 2.2.5, due to a missing check of string termination, allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "60281829-AD27-4A95-B1A4-3D6008627406", "versionEndIncluding": "2.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." }, { "lang": "es", "value": "Lectura fuera de l\u00edmites del heap en ParseJSS en VLC anterior a versi\u00f3n 2.2.5 de VideoLAN, debido a la falta de comprobaci\u00f3n de terminaci\u00f3n de cadena permite a los atacantes leer datos m\u00e1s all\u00e1 de la memoria asignada y potencialmente bloquear el proceso por medio de un archivo de subt\u00edtulos especialmente dise\u00f1ado." } ], "id": "CVE-2017-8313", "lastModified": "2024-11-21T03:33:45.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, 
"exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-23T21:29:00.307", "references": [ { "source": "cve@checkpoint.com", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c" }, { "source": "cve@checkpoint.com", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "cve@checkpoint.com", "url": "http://www.securityfocus.com/bid/98633" }, { "source": "cve@checkpoint.com", "url": "https://security.gentoo.org/glsa/201707-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-10" } ], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-08 19:15
Modified
2024-11-21 05:01
Severity ?
Summary
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video file (for example, an .avi file).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
videolan | vlc_media_player | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "02E30712-5A58-4DA5-95B5-6336DA1754F2", "versionEndExcluding": "3.0.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:macos:*:*", "matchCriteriaId": "472504D8-7E66-4B5E-B5FA-DCFC5D2D33FA", "versionEndExcluding": "3.0.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file." 
}, { "lang": "es", "value": "Un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n hxxx_AnnexB_to_xVC en el archivo modules/packetizer/hxxx_nal.c en el reproductor multimedia VideoLAN VLC en versines anteriores a la 3.0.11 para macOS/iOS permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) o ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un archivo de v\u00eddeo H.264 Anexo-B elaborado (.avi por ejemplo)" } ], "id": "CVE-2020-13428", "lastModified": "2024-11-21T05:01:14.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-08T19:15:10.580", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4704" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc3011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.videolan.org/security/sb-vlc3011.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-08 18:15
Modified
2024-11-21 05:20
Severity ?
Summary
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0721E05-5EEC-4D4F-862A-05DE55D494FC", "versionEndExcluding": "3.0.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file." }, { "lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n EbmlTypeDispatcher::send en VideoLAN VLC media player versi\u00f3n 3.0.11, permite a atacantes desencadenar un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria por medio de un archivo .mkv dise\u00f1ado" } ], "id": "CVE-2020-26664", "lastModified": "2024-11-21T05:20:12.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-08T18:15:13.403", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "http://videolan.com" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://vlc.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-37" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://videolan.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://vlc.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-37" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4834" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-21 15:17
Modified
2024-11-21 02:21
Severity ?
Summary
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 2.1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E7A286D-5BC7-4D8A-A33F-A1974B5FCA25", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file." }, { "lang": "es", "value": "La funci\u00f3n picture_pool_Delete en misc/picture_pool.c en el reproductor de video VideoLAN VLC 2.1.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (violaci\u00f3n DEP y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s un archivo FLV modificado." } ], "id": "CVE-2014-9597", "lastModified": "2024-11-21T02:21:12.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-21T15:17:08.573", "references": [ { "source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "cve@mitre.org", "url": 
"https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" }, { "source": "cve@mitre.org", "url": "https://trac.videolan.org/vlc/ticket/13389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2015/Jan/72" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "http://www.binarysniper.net/2015/01/vlc-media-player-215-memory-corruption.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.videolan.org/vlc/ticket/13389" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-03 02:28
Modified
2024-11-21 00:24
Severity ?
Summary
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.7.0 | |
videolan | vlc_media_player | 0.7.1 | |
videolan | vlc_media_player | 0.7.2 | |
videolan | vlc_media_player | 0.8.0 | |
videolan | vlc_media_player | 0.8.1 | |
videolan | vlc_media_player | 0.8.2 | |
videolan | vlc_media_player | 0.8.4 | |
videolan | vlc_media_player | 0.8.4a | |
videolan | vlc_media_player | 0.8.5 | |
videolan | vlc_media_player | 0.8.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 
through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de cadena de formato en (1) la funci\u00f3n cdio_log_handler en el archivo modules/access/cdda/access.c en el plugin CDDA (libcdda_plugin) y las funciones (2) cdio_log_handler y (3) vcd_log_handler en el archivo modules/access/vcdx/access.c en el plugin VCDX (libvcdx_plugin), en VideoLAN VLC versiones 0.7.0 hasta 0.8.6, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de especificadores de cadena de formato en un URI no v\u00e1lido, como es demostrado por un URI udp://-- en un archivo M3U." } ], "id": "CVE-2007-0017", "lastModified": "2024-11-21T00:24:46.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-01-03T02:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html" }, { "source": "cve@mitre.org", "url": "http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/31163" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://projects.info-pull.com/moab/MOAB-02-01-2007.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], 
"url": "http://secunia.com/advisories/23592" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23829" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23910" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23971" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200701-24.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017464" }, { "source": "cve@mitre.org", "url": "http://trac.videolan.org/vlc/changeset/18481" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1252" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_13_xine.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21852" }, { "source": "cve@mitre.org", "url": "http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/sa0701.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0026" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31226" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/31163" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://projects.info-pull.com/moab/MOAB-02-01-2007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200701-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://trac.videolan.org/vlc/changeset/18481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_13_xine.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/sa0701.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/31226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14313" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-26 15:41
Modified
2024-11-21 00:50
Severity ?
Summary
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | 0.8.6i |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow." }, { "lang": "es", "value": "Un error en la propiedad signedness de enteros en la funci\u00f3n mms_ReceiveCommand en el archivo modules/access/mms/mmstu.c en Reproductor Multimedia VLC versi\u00f3n 0.8.6i, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un enlace mmst dise\u00f1ado con un valor size negativo, que omite una comprobaci\u00f3n de tama\u00f1o y desencadena un desbordamiento de enteros seguido de un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria." 
} ], "id": "CVE-2008-3794", "lastModified": "2024-11-21T00:50:08.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-08-26T15:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4190" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/08/24/3" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30806" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020759" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200809-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/4190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/08/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30806" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6293" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-07-10 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * | |
videolan | vlc_media_player | 2.0.0 | |
videolan | vlc_media_player | 2.0.1 | |
videolan | vlc_media_player | 2.0.2 | |
videolan | vlc_media_player | 2.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5C76C9C-1161-49AA-8108-167DC868473D", "versionEndIncluding": "2.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en VideoLAN VLC media player v2.0.4 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con el (1) procesador freetype y (2) el analizador (parser) de subtitulos HTML." 
} ], "id": "CVE-2013-1868", "lastModified": "2024-11-21T01:50:33.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-07-10T19:55:04.607", "references": [ { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=136367945627336\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59793" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57079" }, { "source": "secalert@redhat.com", "url": "http://www.videolan.org/security/sa1301.html" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=136367945627336\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa1301.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17226" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-03-28 16:55
Modified
2024-11-21 01:18
Severity: HIGH (CVSS v2 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C; user interaction required)
Summary
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F99F1B7-6879-4FE2-87F6-5C3079E6D4E6", "versionEndIncluding": "1.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file." 
}, { "lang": "es", "value": "libdirectx_plugin.dll de VideoLAN VLC Media Player en versiones anteriores a v1.1.8 permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo arbitrario mediante la manipulaci\u00f3n de la anchura en ficheros NSV" } ], "id": "CVE-2010-3276", "lastModified": "2024-11-21T01:18:25.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-03-28T16:55:02.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43826" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8162" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025250" }, { "source": "cve@mitre.org", "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2211" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/71278" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47012" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66260" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14873" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/content/vlc-vulnerabilities-amv-nsv-files" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/71278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517150/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.videolan.org/vlc/releases/1.1.8.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14873" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:30
Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; no user interaction required)
Summary
Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "12298FD6-34BB-411F-B2D2-D06DDE7A8D60", "versionEndIncluding": "1.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c." }, { "lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el reproductor multimedia VideoLAN VLC anterior a 1.0.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un archivo modificado ASF, relacionado a la funci\u00f3n ASF_ObjectDumpDebug en modules/demux/asf/libasf.c; (2) un archivo modificado AVI, relacionado a la funci\u00f3n AVI_ChunkDumpDebug_level en modules/demux/avi/libavi.c; o (3) un archivo modificado MP4, relacionado a la funci\u00f3n __MP4_BoxDumpStructure en modules/demux/mp4/libmp4.c." 
} ], "id": "CVE-2011-3623", "lastModified": "2024-11-21T01:30:52.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:08.463", "references": [ { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=861e374d03e6c60c7d3c98428c632fe3b9e371b2" }, { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c5b02d011b8c634d041167f4d2936b55eca4d18d" }, { "source": "secalert@redhat.com", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dfe7084e8cc64e9b7a87cd37065b59cba2064823" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/10/18/10" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0901.html" }, { "source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=285370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=861e374d03e6c60c7d3c98428c632fe3b9e371b2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c5b02d011b8c634d041167f4d2936b55eca4d18d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=dfe7084e8cc64e9b7a87cd37065b59cba2064823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://openwall.com/lists/oss-security/2011/10/18/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa0901.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=285370" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-11 16:29
Modified
2024-11-21 03:43
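Severity: HIGH (CVSS v3.0 base score 8.0, vector CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); MEDIUM under CVSS v2 (base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P). The two vectors in this record disagree on attack vector: adjacent network in v3.0, network in v2.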
Summary
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2018/Jul/28 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1041311 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4251 | Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/45626/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Jul/28 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041311 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4251 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45626/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 9.0 | |
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB3504B1-D1E2-40BC-B565-C5390061580B", "versionEndIncluding": "2.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions." }, { "lang": "es", "value": "VideoLAN VLC media player en versiones 2.2.x es propenso a una vulnerabilidad de uso de memoria previamente liberada, que podr\u00eda ser aprovechada por un atacante para ejecutar c\u00f3digo arbitrario mediante archivos MKV manipulados. Los intentos de explotaci\u00f3n fallidos podr\u00edan resultar en condiciones de denegaci\u00f3n de servicio (DoS)." 
} ], "id": "CVE-2018-11529", "lastModified": "2024-11-21T03:43:33.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-11T16:29:00.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/28" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041311" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4251" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45626/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2018/Jul/28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45626/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2017-9301
Vulnerability from fkie_nvd
Published
2017-05-29 19:29
Modified
2024-11-21 03:35
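Severity: 7.8 HIGH (CVSS 3.0, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); 6.8 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P)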
Summary
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/98746 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98746 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 2.2.4) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "60281829-AD27-4A95-B1A4-3D6008627406", "versionEndIncluding": "2.2.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file." }, { "lang": "es", "value": "plugins/audio_filter/libmpgatofixed32_plugin.dll en VideoLAN VLC media player 2.2.4 permite a un atacante remoto causar una denegaci\u00f3n de servicio (lectura invalida y fallo de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de un archivo especialmente dise\u00f1ado." } ], "id": "CVE-2017-9301", "lastModified": "2024-11-21T03:35:47.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-29T19:29:00.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98746" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2010-1442
Vulnerability from fkie_nvd
Published
2014-12-26 20:59
Modified
2024-11-21 01:14
Severity: 7.5 HIGH (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
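References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://openwall.com/lists/oss-security/2010/04/28/4 | | |
secalert@redhat.com | http://www.videolan.org/security/sa1003.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2010/04/28/4 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.videolan.org/security/sa1003.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 1.0.5) |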
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "573B6617-9109-43AA-BD92-B211B6AB7BC4", "versionEndIncluding": "1.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer." }, { "lang": "es", "value": "El reproductor multimedia VideoLAN VLC 1.0.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso inv\u00e1lido a memoria y ca\u00edda de la aplicaci\u00f3n) o la posibilidad de ejecutar c\u00f3digo arbitrario a trav\u00e9s de un flujo de bytes modificados a (1) AVI, (2) ASF, o (3) demultiplexador Matroska (tambi\u00e9n conocido como MKV)." 
} ], "id": "CVE-2010-1442", "lastModified": "2024-11-21T01:14:26.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-26T20:59:03.307", "references": [ { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2010/04/28/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/security/sa1003.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-7340
Vulnerability from fkie_nvd
Published
2014-03-21 04:38
Modified
2024-11-21 02:00
Severity: 4.3 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.videolan.org/developers/vlc-branch/NEWS | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.videolan.org/developers/vlc-branch/NEWS | Vendor Advisory |
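Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc_media_player | * (up to and including 2.0.6) |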
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8CC049C-6889-469D-8530-A1D46346465B", "versionEndIncluding": "2.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99a:*:*:*:*:*:*:*", "matchCriteriaId": "EF646283-FBEF-4B71-865F-83D69E5B5348", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "10A23C59-433E-467A-9FDD-7D18CC1AC0AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99c:*:*:*:*:*:*:*", "matchCriteriaId": "A6EB97D6-20A7-4BAC-BB23-AEF4F9801718", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99d:*:*:*:*:*:*:*", "matchCriteriaId": "BAE3E03E-4F93-4C4B-9748-BBB461E77EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "35E2E373-13F6-405D-8866-ECADE118C2F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "7B9447EA-6F39-4B10-A0E1-C094CF3E1BB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "D9D2A6B8-B75C-42B5-962F-28DB013D65E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "9BA4C098-F2B1-496E-B872-90774C7D105C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "E9C2006D-FA5A-4002-B81B-54FC35B46DB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC8DE917-7328-4D01-9736-0567963F4D17", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "D471A44E-78FB-47E2-A4D9-26148842D4B4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "8197F279-8411-4E9A-9840-BCC625D636C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": "3F7AF897-3B0C-4CA0-86C7-93C9AA26CD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "A7B2C78E-8399-404C-97E5-CDAB93587757", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "D1D6BE69-725A-4CE1-BD42-D3FA10126BF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "7CC1414B-3733-4B29-AC06-E6788E29C7ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "DBDEEC2D-8ACD-4C6B-944A-F0952498E511", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "3DC59E17-D647-4F91-B9B7-D9949921DFC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "BDC4F928-FD5D-4C11-BF39-B068A5630DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "398EC30A-ABC6-4474-9516-63769F71E8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "86EB8260-DCAA-4261-BFF7-8FE3628CE13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "F37BDFCB-3171-44A6-8F0A-0FCCCA876801", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "7A26CC61-7D20-4F99-A774-C5FF4AD1F249", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "069BA9C0-7B3F-4B6D-B433-2D618F826438", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B04A969-0645-41D4-AEA4-9AC47725F593", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "984C1ABC-B155-417A-AA0E-78B13A263650", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3913F6C0-22E2-4FFC-AFF6-417F286C36F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "205B275E-1E9E-4558-BD8B-1B3E3B349886", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA909414-DA30-4DAD-A342-3588B0840251", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "028CDDD1-BFB7-438F-811D-7549713F45E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "97B959F2-501C-4365-88CD-8231BF36297E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C7D12-3521-4398-AB5C-CBFB6A500DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:*:*:*:*:*:*:*", "matchCriteriaId": "55159344-9F98-4896-BB2D-D500102BE04E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFD6C6D-05FC-437E-92B7-848C9112FD42", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9C45418-8946-4DFE-8D78-CBE3432600BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C5F3996-3AE2-4690-84A5-F258BC07596E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12602EC1-07DE-4A40-9897-E7E6A23D4B42", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6726FF43-2330-444C-86F0-FB774F8470C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90D485D0-BBF8-4A0F-91A1-52835EF876A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DC23A94C-3611-41BA-9043-22C477B8020B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "01118457-9068-48F7-B2A4-BABB354E1449", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB851F73-D444-4316-9AA0-4556068ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6221A983-B4AC-4646-A939-FAA021EE7F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1707178-C378-4098-8C97-CBFB5DD8B4ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "08AD173D-10D1-4145-88E9-20053ADA7A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "46904EED-974A-4900-B676-DE298CB3ADE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4384C436-12AF-4051-B074-893BE6B4C7F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EC2CEE6-A2E1-437A-947F-608EB7987758", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C30A98A2-675A-4913-A425-2B9F8F06CEA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C6A360E5-501E-4A97-94A0-620FC5B2627A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "8E9742E3-756B-418F-8F9F-D86BD37080DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D2845107-7D0C-4F72-AF0C-0E059E923826", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "18B68706-5A1F-479F-8A38-F93D98481F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "06BB94C4-9315-48FB-8859-425993D42973", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "97E4572E-337D-43F3-81AE-54E496F04E49", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "DDB2DD0B-7D95-4391-8881-4A22F4AA1778", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "AAFBA7B6-0227-4E0F-AF95-FC02FE84654D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "9D387A08-1B84-46BB-87E2-51E3E9567B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6f:*:*:*:*:*:*:*", "matchCriteriaId": "8D26B400-DAF1-4602-9AF7-ECF97919529A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6g:*:*:*:*:*:*:*", "matchCriteriaId": "2150E50E-C00A-407B-9D14-444124D6AD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6h:*:*:*:*:*:*:*", "matchCriteriaId": "725D145D-C3F6-4810-96D8-E8AC871093F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.6i:*:*:*:*:*:*:*", "matchCriteriaId": "FD824C10-CB0B-4988-99E9-1B8A2B52C5A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.8.1337:*:*:*:*:*:*:*", 
"matchCriteriaId": "714D8595-BFA8-48CE-8563-1CCFF959F8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C13FF305-2547-4E85-9007-0A89F5E34BD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E93836E-E9D1-4180-A589-43602647741C", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3B32073-DBD5-4344-8498-A132B99807A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "5330E5C4-BF18-498A-9AE2-1C57E2494AAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "86D31A16-94EE-45D6-8C54-4F27D466A29E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "117C896C-1C61-440E-B0F4-A871828CD095", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "53C17E1A-2E3A-4765-92DE-55CFEE5E4CB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.8a:*:*:*:*:*:*:*", "matchCriteriaId": "A218DA63-4334-4C9F-BB47-44CC00630613", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "3CD809FD-E893-4921-83CE-D34008670F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.9a:*:*:*:*:*:*:*", "matchCriteriaId": "9F8A163E-3578-4BF5-A278-A267D9B9CE82", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "8F60ACBF-E7C6-4184-9B91-8ED3840A7BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1925D17-564A-4D8C-87FB-D3C731FA0612", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:videolan:vlc_media_player:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "70BD6170-AD0D-4E95-8998-8B5CE8F0E3AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B06DCD7-56C5-4B25-936E-07D766109FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29AD31C5-B119-44EF-8627-2C480860BAD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "692C36B2-2A55-44EA-B80E-D7EDE384BA7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "CEAD1ED9-4FA1-47D9-87A0-9D6B4C6771DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8E2A762-C13C-4BDD-AD86-7A52609D693D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0042DAC1-A91B-40A6-A379-9C345CF13E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D13741F-8A82-44F6-8D73-98451A180529", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E52C6189-71F1-4A3A-BC08-94087AE1FCE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "591C6696-07C0-463A-B986-AD4FA6985AC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8342E310-43DE-46C0-85D9-E1D1F9F554E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FAFBBE61-2E34-4CD2-96D2-89A85E66C9AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E74E71F3-984E-4CF3-900A-F80E7103D3C5", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B8596527-4778-4CCD-ABBB-90CA434D91E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6D5F5-8EB7-4DA7-BD6C-CAF45052DCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DF8ED57-EE37-4B1D-B094-B3CA22E45127", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E42A1C4B-91EE-417B-A254-9D0E93FCF3B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D56A0-6217-4DCF-807A-A17349D63D6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "AC9CA897-FAD0-41AF-97B0-1F44D8C89CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CA6FC57-C7FA-4F6E-8B39-083EE477D4DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "D442FC10-1527-4736-AE94-8B65F3601F70", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AA85720-8DE1-49C8-8A23-1739FBF42B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F1161807-F82D-4B4B-BF1A-27FEBD7F8715", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1928547F-4689-43CD-9C66-7097AE360669", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3FD4FB1-A4E7-4712-B864-0F85D957E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A6AE8D3-46C9-441B-886C-63D9A28DB918", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "99D5CFF3-0643-4AFD-B5D9-7C7C3B18C29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F2132F9-D49A-468F-94F0-BBEC3C4D4E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc_media_player:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E695AC57-C61E-4EE7-A5F1-94B086C03130", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file." }, { "lang": "es", "value": "VideoLAN VLC Media Player anterior a 2.0.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un archivo de lista de reproducci\u00f3n manipulado." } ], "id": "CVE-2013-7340", "lastModified": "2024-11-21T02:00:47.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-21T04:38:59.010", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }