783 matches found
CVE-2019-14778
The mkv::virtualsegmentc::seek method of demux/mkv/virtualsegment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free...
CVE-2019-14776
A heap-based buffer over-read exists in DemuxInit in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file...
CVE-2019-14776
CVE-2019-14776 is a heap-based buffer over-read in DemuxInit() of demux/asf/asf.c in VideoLAN VLC media player
CVE-2019-14776
A heap-based buffer over-read exists in DemuxInit in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file...
CVE-2019-14776
A heap-based buffer over-read exists in DemuxInit in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file...
CVE-2019-14533
CVE-2019-14533 affects VideoLAN VLC media player 3.0.7.1, where the control function of demux/asf/asf.c has a use-after-free vulnerability. Public sources in the connected documents confirm this specific ASF demuxer use-after-free (notable in the 3.0.7.1 release) and document that the issue has b...
CVE-2019-14534
In VLC media player, CVE-2019-14534 is a NULL pointer dereference in the ASF demuxer (SeekPercent in demux/asf/asf.c) that can lead to a denial of service. Affected product: VLC up to version 3.0.7.1. Root cause: NULL pointer dereference in ASF demuxer code when seeking percent. Impact: DoS with ...
CVE-2019-14534
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack...
CVE-2019-14498
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file...
CVE-2019-14535
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file...
DEBIAN-CVE-2019-14438
A heap-based buffer over-read in xiphPackHeaders in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file...
DEBIAN-CVE-2019-14535
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file...
DEBIAN-CVE-2019-14498
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file...
Design/Logic Flaw
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file...
Heap overflow
The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...
Input validation
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file...
CVE-2019-14498
CVE-2019-14498 affects VLC media player 3.0.7.1 and earlier, with a divide-by-zero vulnerability in the demux/caf.c Control function that can trigger a fault via crafted CAF files. The issue resides in the CAF demuxer code path and is associated with a numeric/division-by-zero condition. Multiple...
CVE-2019-14498
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file...
CVE-2019-14438
CVE-2019-14438 affects VideoLAN VLC media player 3.0.7.1 and earlier, due to a heap-based buffer over-read in xiph_PackHeaders() within modules/demux/xiph.h, exploitable via crafted .ogg files. Multiple connected advisories confirm the issue and track fixes to VLC 3.0.8 (and related package updat...
CVE-2019-14437
The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...