Unity Linux 20.1070e Security Update: mpv (UTSA-2026-021502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021502 advisory. A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file. Tenable has...

CVE-2019-25350

XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened...

CVE-2019-25350 XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened...

USN-7890-1: FFmpeg vulnerability

It was discovered that FFmpeg did not properly handle the parsing of certain malformed HLS playlists. If a user were tricked into opening a specially crafted HLS playlist, an attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service...

JLSEC-2025-143 A flaw was found in FFmpeg's HLS playlist parsing

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization...

EUVD-2009-5123

Malware in sbrugna...

NewStart CGSL MAIN 6.06 : python-pip Vulnerability (NS-SA-2025-0244)

The remote NewStart CGSL host, running version MAIN 6.06, has python-pip packages installed that are affected by a vulnerability: - Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary cod...

CVE-2010-10017

WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler SEH records and execute arbitrary code. Exploitation...

CVE-2010-10017

WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler SEH records and execute arbitrary code. Exploitation...

CVE-2011-10025

Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structur...

CVE-2010-20042

CVE-2010-20042 affects Xion Audio Player prior to version 1.0.126, which is vulnerable to a Unicode-based stack buffer overflow triggered by processing specially crafted .m3u playlists. The overflow overwrites the SEH chain, allowing an attacker to hijack execution flow and run arbitrary code. Im...

CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...

CVE-2013-7340

VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service memory consumption via a crafted playlist file...

DEBIAN-CVE-2023-6605

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

CVE-2023-6605

A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs...

VLC < 3.0.18 Multiple Vulnerabilities

The version of VLC media player installed on the remote host is prior to 3.0.18. It is, therefore, affected by multiple vulnerabilities: - VideoLAN VLC prior to version 3.0.18 contains a potential buffer overflow that allows attackers, by tricking a user into opening a crafted playlist or...

OESA-2024-1929 mpv security update

Mpv is a movie player based on MPlayer and mplayer2. It supports a wide variety of video file formats, audio and video codecs, and subtitle types. Special input URL types are available to read input from a variety of sources other than disk files. Depending on platform, a variety of different vid...

SUSE CVE-2013-7340

VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service memory consumption via a crafted playlist file...

SUSE CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...

Debian DSA-5297-1 : vlc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5297 advisory. - An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to...