37 matches found

CVE
added 2026/02/25 12:0 a.m. | 10 views

CVE-2025-69771

CVE-2025-69771 is a Cross-Site Scripting (XSS) vulnerability in the subtitle loading function of the asbplayer Chrome Extension (version 1.14.0). The issue allows an attacker to host a crafted .srt subtitle file that executes arbitrary JavaScript in the active streaming platform’s context, bypass...

CVSS 9.6 | AI score 6.1 | EPSS 0.00323
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-23944

Malicious code in bioql PyPI...

CVSS 5.6 | AI score 6.3 | EPSS 0.00428
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-23943

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.3 | EPSS 0.00185
Exploits: 1 | References: 2

RedhatCVE
added 2025/08/08 11:35 a.m. | 2 views

CVE-2025-47808

A flaw was found in gstreamer1-plugins-base. The subparse plugin's tmplayer_parse_line function incorrectly attempts to dereference a NULL pointer during subtitle file parsing. This flaw allows a local attacker to provide a specially crafted subtitle file, causing the program to crash. Mitigation...

CVSS 5.6 | AI score 5.7 | EPSS 0.00428
Exploits: 1 | References: 5

RedhatCVE
added 2025/08/08 11:35 a.m. | 2 views

CVE-2025-47807

A flaw was found in gstreamer1-plugins-base. The subparse plugin's subrip_unescape_formatting function contains a NULL pointer dereference when parsing a subtitle file, which can lead to a program crash. This vulnerability allows a local attacker to provide a specially crafted subtitle file, causin...

CVSS 5.6 | AI score 5.6 | EPSS 0.00185
Exploits: 1 | References: 5

CVE
added 2025/08/07 12:0 a.m. | 45 views

CVE-2025-47807

CVE-2025-47807 affects GStreamer up to 1.26.1: the subparse plugin’s subrip_unescape_formatting may dereference a NULL pointer while parsing subtitle files, causing a crash (DoS). Connected advisories confirm the issue across distributions: Debian DLA-4371-1 fixes gst-plugins-base1.0 on Debian 11...

CVSS 5.5 | AI score 6.9 | EPSS 0.00185
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/08/07 12:0 a.m. | 6 views

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

EPSS 0.00185
Exploits: 1 | References: 2

AlpineLinux
added 2025/08/07 12:0 a.m. | 3 views

CVE-2025-47808

In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVSS 5.6 | AI score 6.3 | EPSS 0.00428
Exploits: 1 | References: 2

AlpineLinux
added 2025/08/07 12:0 a.m. | 1 view

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

CVSS 5.5 | AI score 6.3 | EPSS 0.00185
Exploits: 1 | References: 2

SUSE CVE
added 2023/02/15 6:8 a.m. | 2 views

SUSE CVE-2008-1881

Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681...

CVSS 6.8 | AI score 8.3 | EPSS 0.11778
Exploits: 1 | References: 3

BDU FSTEC
added 2019/11/11 12:0 a.m. | 2 views

The vulnerability of the ParseSSA function in the modules/demux/subtitle.c file of the Media Player software VideoLAN VLC allows a hacker to execute arbitrary code.

The vulnerability of the ParseSSA function in the modules/demux/subtitle.c file of the Media Player software VideoLAN VLC is related to buffer overflow in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted .ssa extension...

CVSS 6.8 | AI score 6.4 | EPSS 0.11778
Exploits: 1 | References: 10 | Affected Software: 2

OpenVAS
added 2018/01/15 12:0 a.m. | 28 views

Debian: Security Advisory (DLA-1243-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 | AI score 5.5 | EPSS 0.02474
Exploits: 0 | References: 3

Tenable Nessus
added 2017/04/27 12:0 a.m. | 52 views

openSUSE Security Update : gstreamer-plugins-base (openSUSE-2017-512)

This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047,...

CVSS 7.5 | AI score 6.4 | EPSS 0.0448
Exploits: 0 | References: 8

UbuntuCve
added 2014/06/11 2:55 p.m. | 32 views

CVE-2011-3625

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file...

CVSS 9.3 | AI score 6.3 | EPSS 0.24105
Exploits: 0 | References: 1

Debian CVE
added 2014/06/11 2:0 p.m. | 18 views

CVE-2011-3625

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file...

CVSS 9.3 | AI score 7.7 | EPSS 0.24105
Exploits: 0

OSV
added 2010/01/21 8:30 p.m. | 1 view

DEBIAN-CVE-2010-0364

Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field...

CVSS 9.3 | AI score 8 | EPSS 0.06575
Exploits: 1 | References: 1

Prion
added 2009/03/20 12:30 a.m. | 10 views

Heap overflow

Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file...

CVSS 9.3 | AI score 8.8 | EPSS 0.07424
Exploits: 1 | References: 8 | Affected Software: 1

NVD
added 2009/03/20 12:30 a.m. | 16 views

CVE-2009-1022

Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file...

CVSS 9.3 | AI score 8.2 | EPSS 0.07424
Exploits: 1 | References: 8

Cvelist
added 2009/03/20 12:0 a.m. | 22 views

CVE-2009-1022

Heap-based buffer overflow in the Preview/ Set Segment function in Gretech GOMlab GOM Encoder 1.0.0.11 and earlier allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a long text field in a subtitle (.srt) file...

AI score 8.2 | EPSS 0.07424
Exploits: 1 | References: 8

CVE
added 2009/03/20 12:0 a.m. | 43 views

CVE-2009-1022

Gretech GOMlab GOM Encoder 1.0.0.11 and earlier contains a heap-based buffer overflow in the Preview/Set Segment function. A long text field in a subtitle (.srt) file can be used by a user‑assisted attacker to cause memory corruption and a crash (DoS) or to execute arbitrary code. This vulnerabil...

CVSS 9.3 | AI score 8.4 | EPSS 0.07424
Exploits: 1 | References: 8 | Affected Software: 1