Lucene search
+L

10 matches found

CVE
CVE
added 2017/03/28 3:0 p.m.2468 views

CVE-2014-6440

VLC media player, affected up to versions before 2.1.5, is affected by CVE-2014-6440 due to a heap overflow in the transcode module that could allow remote code execution or a denial of service. Public references in OpenVAS/Gentoo advisories confirm a heap-based overflow/remote code execution vec...

9.8CVSS8.9AI score0.04985EPSS
CVE
CVE
added 2008/05/12 8:0 p.m.82 views

CVE-2008-2147

CVE-2008-2147 affects VLC media player and relates to an untrusted search path vulnerability that could allow local privilege escalation via a malicious library placed in modules/ or plugins/ within the current working directory. Public disclosures in 2008-2009 reference VLC and related Debian/Ge...

4.6CVSS6.8AI score0.00416EPSS
CVE
CVE
added 2008/01/17 12:0 a.m.76 views

CVE-2007-6681

CVE-2007-6681 affects VideoLAN VLC 0.8.6d, due to a stack-based buffer overflow in the subtitle demux path (modules/demux/subtitle.c) when parsing long subtitle formats (MicroDvd, SSA, VPlayer). This remote code execution vulnerability was discussed in VLC-related GLSA advisories (GLSA 200803-13 ...

7.5CVSS7.6AI score0.17358EPSS
CVE
CVE
added 2008/01/17 12:0 a.m.72 views

CVE-2007-6682

CVE-2007-6682 affects VLC 0.8.6d with a format string vulnerability in the httpd_FileCallBack function (network/httpd.c). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code via format string specifiers in the Connection header of HTTP requests. Public references ...

7.5CVSS7.3AI score0.15138EPSS
Web
CVE
CVE
added 2008/03/25 12:0 a.m.72 views

CVE-2008-1489

CVE-2008-1489 is an integer overflow in VLC’s MP4 handling (MP4_ReadBox_rdrf in libmp4.c) that can cause a heap-based buffer overflow, potentially crashing or executing code. The VLC GLSA entries indicate this was addressed by upgrading to VLC 0.8.6f (fixed in later 0.8.6x builds). Connected advi...

6.8CVSS7.7AI score0.11865EPSS
CVE
CVE
added 2008/04/24 6:0 p.m.71 views

CVE-2008-1769

VLC (before 0.8.6f) is affected by CVE-2008-1769 due to a crafted Cinepak file that triggers an out-of-bounds memory access in the Cinepak codec, causing a denial of service. The OpenVAS/OpenBSD/Debian entries corroborate that this vulnerability can be triggered remotely via a crafted Cinepak str...

6.8CVSS6.2AI score0.07162EPSS
CVE
CVE
added 2008/01/17 12:0 a.m.69 views

CVE-2007-6683

VLC 0.8.6d is affected by CVE-2007-6683 due to insecure argument validation that can allow remote overwriting of files writable by the user when opening a malicious M3U playlist or MP3 with a crafted EXTVLCOPT or demuxdump-file filename. Descriptions across sources (Debian GLSA/DSA, OpenVAS, Gent...

5CVSS6.8AI score0.02778EPSS
CVE
CVE
added 2008/04/17 11:0 p.m.69 views

CVE-2008-1881

VLC 0.8.6e contains a stack-based buffer overflow in ParseSSA (modules/demux/subtitle.c) that can be triggered by a long SSA subtitle, allowing remote code execution. This CVE is CVE-2008-1881; related OpenVAS and Debian advisories document the issue as a real vulnerability and note Debian/ Gento...

6.8CVSS7.7AI score0.11778EPSS
CVE
CVE
added 2008/01/17 12:0 a.m.68 views

CVE-2007-6684

CVE-2007-6684 affects VideoLAN VLC 0.8.6d: the RTSP module can crash a remote host by processing a request without a Transport parameter, triggering a NULL pointer dereference (DoS). Gentoo GLSA 200803-13 recommends upgrading to VLC 0.8.6e; other entries corroborate the same issue. No exploit det...

5CVSS6.3AI score0.02234EPSS
CVE
CVE
added 2008/04/24 6:0 p.m.66 views

CVE-2008-1768

CVE-2008-1768 affects VLC media player prior to 0.8.6f. The vulnerability arises from multiple integer overflows in the MP4 demuxer, Real demuxer, and Cinepak codec, which can trigger a buffer overflow and cause a remote attack to crash the player (DoS). Related advisories confirm these problems ...

6.8CVSS6.5AI score0.02711EPSS