41 matches found
UBUNTU-CVE-2026-49130
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
CVE-2026-49130
MPD (Music Player Daemon) prior to version 0.24.11 is affected by a CRLF injection vulnerability in the XSPF playlist plugin’s xspf_char_data function. By supplying a malicious XSPF playlist that exploits XML numeric character references, an attacker can cause Expat decoding to insert literal CR/...
CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
Music Player Daemon 安全漏洞
Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from an issue with the xspfchardata function in the XSPF playlist plugin, allowing attackers to embed text CR/LF bytes in...
CVE-2017-9355
XML external entity XXE vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted XSPF playlist file...
CVE-2010-1443
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
Null pointer dereference
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
CVE-2010-1443
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
CVE-2010-1443
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability - Windows
VLC Media Player is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability (Linux)
The host is installed with VLC Media Player and is prone integer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerxspfintoverflowvulnlin.nasl 7015 2017-08-28 11:51:24Z teissa $ VLC Media Player XSPF Playlist Integer Overflow Vulnerability Linux Authors: Shashi Kiran N...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability - Linux
VLC Media Player is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Integer overflow
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
CVE-2011-2194
CVE-2011-2194 describes a heap-based buffer overflow in VLC’s XSPF playlist parser that could allow a remote attacker to crash the player and potentially execute arbitrary code. Affected versions span VLC 0.8.5 through 1.1.9. Multiple open-source advisories corroborate the issue across platforms ...
CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
Debian DSA-2257-1 : vlc - heap-based buffer overflow
Rocco Calvi discovered that the XSPF playlist parser of VLC, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file. The oldstabl...
VLC Media Player < 1.1.10 XSPF Playlist Parser Integer Overflow
Binary data 801174.prm...