10 matches found
CVE-2014-6440
VLC media player, affected up to versions before 2.1.5, is affected by CVE-2014-6440 due to a heap overflow in the transcode module that could allow remote code execution or a denial of service. Public references in OpenVAS/Gentoo advisories confirm a heap-based overflow/remote code execution vec...
CVE-2008-2147
CVE-2008-2147 affects VLC media player and relates to an untrusted search path vulnerability that could allow local privilege escalation via a malicious library placed in modules/ or plugins/ within the current working directory. Public disclosures in 2008-2009 reference VLC and related Debian/Ge...
CVE-2007-6681
CVE-2007-6681 affects VideoLAN VLC 0.8.6d, due to a stack-based buffer overflow in the subtitle demux path (modules/demux/subtitle.c) when parsing long subtitle formats (MicroDvd, SSA, VPlayer). This remote code execution vulnerability was discussed in VLC-related GLSA advisories (GLSA 200803-13 ...
CVE-2007-6682
CVE-2007-6682 affects VLC 0.8.6d with a format string vulnerability in the httpd_FileCallBack function (network/httpd.c). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code via format string specifiers in the Connection header of HTTP requests. Public references ...
CVE-2008-1489
CVE-2008-1489 is an integer overflow in VLC’s MP4 handling (MP4_ReadBox_rdrf in libmp4.c) that can cause a heap-based buffer overflow, potentially crashing or executing code. The VLC GLSA entries indicate this was addressed by upgrading to VLC 0.8.6f (fixed in later 0.8.6x builds). Connected advi...
CVE-2008-1769
VLC (before 0.8.6f) is affected by CVE-2008-1769 due to a crafted Cinepak file that triggers an out-of-bounds memory access in the Cinepak codec, causing a denial of service. The OpenVAS/OpenBSD/Debian entries corroborate that this vulnerability can be triggered remotely via a crafted Cinepak str...
CVE-2007-6683
VLC 0.8.6d is affected by CVE-2007-6683 due to insecure argument validation that can allow remote overwriting of files writable by the user when opening a malicious M3U playlist or MP3 with a crafted EXTVLCOPT or demuxdump-file filename. Descriptions across sources (Debian GLSA/DSA, OpenVAS, Gent...
CVE-2008-1881
VLC 0.8.6e contains a stack-based buffer overflow in ParseSSA (modules/demux/subtitle.c) that can be triggered by a long SSA subtitle, allowing remote code execution. This CVE is CVE-2008-1881; related OpenVAS and Debian advisories document the issue as a real vulnerability and note Debian/ Gento...
CVE-2007-6684
CVE-2007-6684 affects VideoLAN VLC 0.8.6d: the RTSP module can crash a remote host by processing a request without a Transport parameter, triggering a NULL pointer dereference (DoS). Gentoo GLSA 200803-13 recommends upgrading to VLC 0.8.6e; other entries corroborate the same issue. No exploit det...
CVE-2008-1768
CVE-2008-1768 affects VLC media player prior to 0.8.6f. The vulnerability arises from multiple integer overflows in the MP4 demuxer, Real demuxer, and Cinepak codec, which can trigger a buffer overflow and cause a remote attack to crash the player (DoS). Related advisories confirm these problems ...