471 matches found
VLC media player: Format string vulnerabilities
Background: VLC media player is a multimedia player for various audio and video formats. Description: David Thiel from iSEC Partners Inc. discovered format string errors in various plugins when parsing data. The affected plugins include Vorbis, Theora, CDDA and SAP. Impact: A remote attacker could...
CVE-2007-3316
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA)...
CVE-2007-3316
VLC media player (before version 0.8.6c) is affected by multiple format-string vulnerabilities in plugins for Ogg Vorbis, Ogg Theora, CDDA, and SAP. The underlying issue is a C-style format string error in parsing the media data stream, which could allow a remote attacker to crash the player or e...
CVE-2007-2054
AFFLIB 2.2.6 and earlier contains multiple format-string vulnerabilities exposing several command-line utilities (lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/aimage.cpp, aimage/imager.cpp, tools/afxml.cpp) to remote code execution via parameters used as format stri...
CVE-2007-2352
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cp...
CVE-2007-2352
Summary (CVE-2007-2352): AFFLIB before 2.2.6 contains multiple format-string vulnerabilities exploitable via command-line inputs that are used as format strings in warn/err calls. Affected components include lib/s3.cpp, tools/afconvert.cpp, tools/afcopy.cpp, tools/afinfo.cpp, aimage/imager.cpp, a...
CVE-2007-2318
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information...
PHP < 4.4.5 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 4.4.5. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and clobbering of super-global...
PHP < 5.2.1 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is older than 5.2.1. Such versions may be affected by several issues, including buffer overflows, format string vulnerabilities, arbitrary code execution, 'safe_mode' and 'open_basedir' bypasses, and clobbering of super-global...
CVE-2007-1503
Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4)...
CVE-2007-1503
CVE-2007-1503 concerns the Rhapsody IRC client (version 0.28b) with multiple format string vulnerabilities in comm.c, specifically in create_ctcp_message used by (1) me and (2) ctcp commands, and potentially vectors involving (3) whois, (4) mode, and (5) topic. The defect allows remote attackers ...
CVE-2007-0909
PHP 5.2.1 and earlier versions are affected by CVE-2007-0909 due to format string vulnerabilities in 64‑bit print functions and odbc_result_all, enabling arbitrary code execution. OpenVAS/Nessus references confirm this is fixed in later PHP releases by backported patches (PHP 5.2.1+). Affected co...
xine-ui: Format string vulnerabilities
Background: xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description: Due to the improper handling and use of format strings, the errors_create_window function in errors.c does not...