EUVD-2022-6377

Malicious code in bioql PyPI...

CVE-2024-41217

A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service DoS via a crafted MKV video file...

SUSE CVE-2016-2464

libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted mkv file, aka internal bug 23167726...

CVE-2022-36313

A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive...

Denial Of Service (DoS)

file-type is vulnerable to denial of service. The vulnerability exists in the FileTypeParser function in core.js due to a lack of input sanitization in the file type detector which allows an attacker to cause an application crash by sending mkv file...

file-type vulnerable to Infinite Loop via malformed MKV file

An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack when...

CVE-2022-36313

An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack...

VLC: Buffer overflow

Background VLC is a cross-platform media player and streaming server. Description VLC was found to have a buffer overflow when handling crafted MKV files. Impact A remote attacker could entice a user to open a specially crafted MKV file using VLC possibly resulting in execution of arbitrary code...

Null pointer dereference

u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130...

CVE-2020-11122

CVE-2020-11122 corresponds to a Null Pointer dereference in Snapdragon video handling when decoding a crafted MKV data stream. Affected products include Snapdragon Auto, Snapdragon Consumer IoT, and Snapdragon Mobile (APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR21...

Microsoft Windows hevcdecoder_store MKV File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of M...

VLC < 2.0.8 Multiple Vulnerabilities

The version of VLC media player installed on the remote Windows host is prior to 2.0.8. It is, therefore, affected by multiple vulnerabilities: - An exploitable denial of service vulnerability exists in plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7 and possibly other versions...

CVE-2019-14970

A vulnerability in mkv::eventthreadt in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file...

CVE-2019-14970

A vulnerability in mkv::eventthreadt in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file...

Heap overflow

A vulnerability in mkv::eventthreadt in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file...

CVE-2019-14776

A heap-based buffer over-read exists in DemuxInit in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file...

CVE-2019-12874

CVE-2019-12874 affects VLC media player 3.x up to 3.0.7. The Matroska demuxer’s MKV parser has a double free in zlib_decompress_extra, with related MKV processing flaws that can, per advisory texts, lead to a crash or possibly arbitrary code execution. Some sources also describe related DoS risk....

CVE-2019-12874

An issue was discovered in zlibdecompressextra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free...

VLC (European Commission - DIGIT): Access Violation Reading EXPLOITABLE_0228

1 Basic info of application 1.1 Info of application Application NamevVLC media player for Windows Application Versionv4.0.0-dev Otto Chriek Download Address: http://nightlies.videolan.org/ Testing OS: Windows 8 2 Info of test file 2.1 Test file info Normal file name: normal.mkv Normal file type:...

VLC (European Commission - DIGIT): Access Violation Reading in libfaad_plugin

1 Basic info of application 1.1 Info of application Application Name VLC media player for Windows Application Version 4.0.0-dev Otto Chriek Download Address http://nightlies.videolan.org/ Testing OS Windows 8 2 Info of test file 2.1 Test file info Normal file name normal.mkv Normal file type...