41 matches found
UBUNTU-CVE-2026-49130
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
CVE-2026-49130
MPD (Music Player Daemon) prior to version 0.24.11 is affected by a CRLF injection vulnerability in the XSPF playlist plugin’s xspf_char_data function. By supplying a malicious XSPF playlist that exploits XML numeric character references, an attacker can cause Expat decoding to insert literal CR/...
CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx
Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...
Music Player Daemon 安全漏洞
Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from an issue with the xspfchardata function in the XSPF playlist plugin, allowing attackers to embed text CR/LF bytes in...
CVE-2017-9355
XML external entity XXE vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted XSPF playlist file...
CVE-2010-1443
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
Null pointer dereference
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
CVE-2010-1443
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
CVE-2010-1443
The parsetracknode function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty location element in an XML Shareable Playlist Format...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability (Linux)
The host is installed with VLC Media Player and is prone integer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerxspfintoverflowvulnlin.nasl 7015 2017-08-28 11:51:24Z teissa $ VLC Media Player XSPF Playlist Integer Overflow Vulnerability Linux Authors: Shashi Kiran N...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability - Windows
VLC Media Player is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VLC Media Player XSPF Playlist Integer Overflow Vulnerability - Linux
VLC Media Player is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Integer overflow
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
CVE-2011-2194
CVE-2011-2194 describes a heap-based buffer overflow in VLC’s XSPF playlist parser that could allow a remote attacker to crash the player and potentially execute arbitrary code. Affected versions span VLC 0.8.5 through 1.1.9. Multiple open-source advisories corroborate the issue across platforms ...
CVE-2011-2194
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow...
Debian DSA-2257-1 : vlc - heap-based buffer overflow
Rocco Calvi discovered that the XSPF playlist parser of VLC, a multimedia player and streamer, is prone to an integer overflow resulting in a heap-based buffer overflow. This might allow an attacker to execute arbitrary code by tricking a victim into opening a specially crafted file. The oldstabl...
VLC Media Player < 1.1.10 XSPF Playlist Parser Integer Overflow (deprecated)
Binary data 5946.prm...