asbplayer 安全漏洞

ASBPlayer is a language learning tool developed by Raphael-Joel Lim. Version 1.13.0 of ASBPlayer contains a security vulnerability. This vulnerability stems from the subtitle loading function allowing arbitrary file uploads, which could enable attackers to execute arbitrary code by uploading...

CVE-2025-29845

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files...

EUVD-2025-201173

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files...

EUVD-2004-1469

Malware in sbrugna...

The vulnerability of the subtitle rendering components in Microsoft Edge and Google Chrome allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the subtitle rendering components in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...

AZL-43777 CVE-2023-37329 affecting package gstreamer1-plugins-base 1.20.0-3

GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may va...

VideoLAN VLC Heap Buffer Overflow Vulnerability

VideoLAN VLC is a free and open source cross-platform multimedia player also a multimedia framework developed by the French organization VideoLAN. It supports playback of multiple media files, CD-ROMs, etc., multiple audio and video formats WMV, MP3, etc., etc. ParseJSS is one of the subtitle fil...

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution

A proof of concept attack using malicious video subtitle files reveals how adversaries can execute remote code on PCs, Smart TVs and mobile devices using popular video players and services such as VLC Media Player, Kodi, Stremio and Popcorn Time. “This is a brand new attack vector. We haven’t see...

Memory corruption

The StripTags function in 1 the USF decoder modules/codec/subtitles/subsdec.c and 2 the Text decoder modules/codec/subtitles/subsusf.c in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "" in an MKV file, which trigger...

Stack overflow

Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a long subtitle in a .SRT file...

Stack overflow

Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a 1 MicroDvd, 2 SSA, and 3 Vplayer file...