Vulnerabilities related to VideoLAN - VLC
Vulnerability from fkie_nvd
Published
2008-04-25 06:05
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99:*:*:*:*:*:*:*", "matchCriteriaId": "929E49D1-B8F6-4A25-A93F-D8211520ED61", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99a:*:*:*:*:*:*:*", "matchCriteriaId": "B61BB1FD-6D2A-42EA-9824-9A8FD728B4CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "76DDF802-26C2-437E-BB01-F01209FFE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99c:*:*:*:*:*:*:*", "matchCriteriaId": "546BAE28-5B2A-4856-8B2A-316D9AD2F5A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99d:*:*:*:*:*:*:*", "matchCriteriaId": "56926B35-987F-4C12-9FBC-61BF7CEE1541", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "2D8FAE03-C528-4BAD-823E-EEEC4368113D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "1C5B604B-5A7A-450A-8252-60FDCB114283", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "78FCD5D6-A4A9-48CD-BD0E-296FD1032907", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "5624A925-C0D8-4E85-9B32-085BB9059FFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "28E35B1D-3191-4E18-B265-ACA736A87645", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "60FCBA5D-568F-424B-BFB1-1BA41DB0D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "656BBC4D-8569-4A91-87DF-93D053BEEC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "0C9C7B19-59F4-43FB-8122-AAD36ABDF807", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": 
"6E2DB4C0-CCEE-40D6-B227-E00A002D755B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "01BE9872-10B5-466E-BEE4-69B6451076C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "C6125D6E-6416-49E8-8770-5C0590F3FA0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "27122F7C-1D19-41D8-B323-A6941D0DE193", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "6068DB81-542B-43F0-9B42-CEA7689F61D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "A009555D-CC59-4C6A-B350-E7F4730F5B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "3299D365-015F-4A95-80C3-977853E70E1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "47EC751E-FB47-4263-B9ED-FBBAAEA677F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "5BA7C125-989A-4727-9E59-44ACC1750E6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "BC105DEB-DE1F-4183-8A4A-F7E58FBB82C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "521F12A2-7785-48C9-BB11-E91CEF61584F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "25A412BA-A195-4893-B5F8-EE6FC9A53326", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "A6ADA95A-A8B2-4E3E-A3E4-AEA03B14C339", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "F7823310-E6C2-42D6-A0CC-8D2A0CA5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"EBE2DF23-1CF5-4371-82EF-7072B0FCC226", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F706E26-E58D-4B5C-98AC-A386BF7ABC24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E19F3E58-0D65-45AF-8024-E3A7CFD05142", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B24956D-A924-40BC-A340-3BE9DD3CCBA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F94AC83A-6790-4E26-A4B8-E2B4394CB3FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD6F543A-8520-4F13-9C03-9520A6B92944", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.3_ac3:*:*:*:*:*:*:*", "matchCriteriaId": "F3991F10-CFC4-4979-B5D4-F9EFB9992683", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "01FC4A5C-5A0A-40CF-891B-97443CC4A367", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6656C05D-4A4B-47DE-9844-308FD98CFF04", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8CBF1B20-1478-472C-B9A1-974A7A5333C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C29EDDF9-DE90-4AA7-8454-D42B4C37ECF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "02AF1C9A-FD6F-4CA4-8275-8B7655F861F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B56B15F-7504-4D55-8C31-1C28F1A8129D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C6BB497-20F6-4CCB-A24E-7228BE68CA5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"0D2855B3-D0ED-4C8E-95A0-151E88F95057", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "56B90DCE-2EA9-49AA-9F63-0515C751E821", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C4F8C4-EEA4-4369-BBC8-C726059C8852", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2821324-7A44-40CD-95B8-F4B5B09E6D69", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A98AC34-2FAB-4CAE-9D14-B4E11CC2AFB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "347E213C-83AF-4F98-8096-2113E00C1BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A26753D-44F2-49F6-8486-1DD61297C037", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67C2B1C1-1606-411D-A9CA-D1A654FD4133", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "28BBBBAF-71F7-4F47-ADE6-FF7B590832E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AC67A7B-21E0-45DA-A70F-EE97079140A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "1062EB82-2A6C-4770-A339-21686FF9E923", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "FEA7ECBE-1CAE-47C5-ACC1-F7BBA3946CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "50A23534-3DF7-422A-B997-1FB16D8564C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "9E85F765-D2DF-41C0-A90F-732861CA32F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": 
"26981B0C-6A7E-40BA-8F50-0C19870258FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "89FAFEE4-35FE-44BE-90DD-1E067A1A2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "686E1C6D-CDE6-4615-B983-3BCDDDE921AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "6545867A-07ED-4E16-AED0-566C5CCD46FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "053BE4FF-4699-42E8-B480-DA2224EC2BDE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en VLC anterior a 0.8.6f, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s del demultiplexador (1) MP4, (2) Real y (3) el codec Cinepak, que inicia el desbordamiento de b\u00fafer." 
} ], "id": "CVE-2008-1768", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-25T06:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29503" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29800" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28903" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/28903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-17 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "686E1C6D-CDE6-4615-B983-3BCDDDE921AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability." }, { "lang": "es", "value": "La extensi\u00f3n de navegaci\u00f3n de VideoLAN VLC 0.8.6d permite a atacantes remotos sobrescribir ficheros de su elecci\u00f3n mediante (1) la opci\u00f3n :demuxdump-file en un nombre de fichero de una lista de reproducci\u00f3n, o (2) una sentencia EXTVLCOPT en un fichero MP3, posiblemente una vulnerabilidad de inyecci\u00f3n de argumento." } ], "id": "CVE-2007-6683", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-17T01:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/42205" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/42206" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", 
"url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28712" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619" }, { "source": "cve@mitre.org", "url": "https://trac.videolan.org/vlc/changeset/23197" }, { "source": "cve@mitre.org", "url": "https://trac.videolan.org/vlc/ticket/1371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.videolan.org/vlc/changeset/23197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.videolan.org/vlc/ticket/1371" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" 
} ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-17 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "686E1C6D-CDE6-4615-B983-3BCDDDE921AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference." }, { "lang": "es", "value": "El m\u00f3dulo RTSP de VideoLAN VLC 0.8.6d permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una petici\u00f3n sin el par\u00e1metro Transfer, lo cual provoca una referencia a un puntero nulo." } ], "id": "CVE-2007-6684", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-17T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", "url": "http://trac.videolan.org/vlc/changeset/22023" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://trac.videolan.org/vlc/changeset/22023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-12 20:20
Modified
2025-04-09 00:30
Severity ?
Summary
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
videolan | vlc | * (up to and including 0.8.6) | |
videolan | vlc | 0.4.6 | |
videolan | vlc | 0.5.0 | |
videolan | vlc | 0.5.1 | |
videolan | vlc | 0.5.1a | |
videolan | vlc | 0.5.2 | |
videolan | vlc | 0.5.3 | |
videolan | vlc | 0.6.0 | |
videolan | vlc | 0.6.1 | |
videolan | vlc | 0.6.2 | |
videolan | vlc | 0.7.0 | |
videolan | vlc | 0.7.1 | |
videolan | vlc | 0.7.2 | |
videolan | vlc | 0.8.0 | |
videolan | vlc | 0.8.1 | |
videolan | vlc | 0.8.2 | |
videolan | vlc | 0.8.4 | |
videolan | vlc | 0.8.4a | |
videolan | vlc | 0.8.5 | |
videolan | vlc | 0.8.6a | |
videolan | vlc | 0.8.6b | |
videolan | vlc | 0.8.6c | |
videolan | vlc | 0.8.6d | |
videolan | vlc | 0.8.6e |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C5ACEC7-D436-49F2-821B-EE4B1D982A55", "versionEndIncluding": "0.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8CBF1B20-1478-472C-B9A1-974A7A5333C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C29EDDF9-DE90-4AA7-8454-D42B4C37ECF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "02AF1C9A-FD6F-4CA4-8275-8B7655F861F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.1a:*:*:*:*:*:*:*", "matchCriteriaId": "26768501-C17C-4ABF-AB47-D4BE2C902D51", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B56B15F-7504-4D55-8C31-1C28F1A8129D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C6BB497-20F6-4CCB-A24E-7228BE68CA5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D2855B3-D0ED-4C8E-95A0-151E88F95057", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "56B90DCE-2EA9-49AA-9F63-0515C751E821", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C4F8C4-EEA4-4369-BBC8-C726059C8852", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2821324-7A44-40CD-95B8-F4B5B09E6D69", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A98AC34-2FAB-4CAE-9D14-B4E11CC2AFB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "347E213C-83AF-4F98-8096-2113E00C1BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"6A26753D-44F2-49F6-8486-1DD61297C037", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67C2B1C1-1606-411D-A9CA-D1A654FD4133", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "28BBBBAF-71F7-4F47-ADE6-FF7B590832E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AC67A7B-21E0-45DA-A70F-EE97079140A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "1062EB82-2A6C-4770-A339-21686FF9E923", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "FEA7ECBE-1CAE-47C5-ACC1-F7BBA3946CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "9E85F765-D2DF-41C0-A90F-732861CA32F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": "26981B0C-6A7E-40BA-8F50-0C19870258FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "89FAFEE4-35FE-44BE-90DD-1E067A1A2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "686E1C6D-CDE6-4615-B983-3BCDDDE921AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "6545867A-07ED-4E16-AED0-566C5CCD46FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory." 
}, { "lang": "es", "value": "Vulnerabilidad de b\u00fasqueda en ruta no confiable en VideoLAN VLC anterior a 0.9.0 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una librer\u00eda bajo los subdirectorios modules/ o plugins/ del directorio actual." } ], "id": "CVE-2008-2147", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-05-12T20:20:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31317" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "source": "cve@mitre.org", "url": "http://trac.videolan.org/vlc/ticket/1578" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://trac.videolan.org/vlc/ticket/1578" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-25 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "6545867A-07ED-4E16-AED0-566C5CCD46FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984." }, { "lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n MP4_ReadBox_rdrf de libmp4.c para VLC 0.8.6e permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una MP4 RDRF box manipulada que dispara un desbordamiento de b\u00fafer basado en mont\u00edculo, una vulnerabilidad distinta a CVE-2008-0984." 
} ], "id": "CVE-2008-1489", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-25T00:44:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29503" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29800" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a" }, { "source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28433" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-17 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E219A8-7A7C-49A5-9978-A1470CEF3702", "versionEndIncluding": "0.8.6d", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter." }, { "lang": "es", "value": "Vulnerabilidad de cadena de formato en la funci\u00f3n httpd_FileCallBack (network/httpd.c) de VideoLAN VLC 0.8.6d permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante especificadores de cadenas de formato en el par\u00e1metro Connection." } ], "id": "CVE-2007-6682", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-17T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/42208" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28233" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": 
"http://securityreason.com/securityalert/3550" }, { "source": "cve@mitre.org", "url": "http://trac.videolan.org/vlc/changeset/23839" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27015" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://trac.videolan.org/vlc/changeset/23839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5519" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-17 01:00
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E219A8-7A7C-49A5-9978-A1470CEF3702", "versionEndIncluding": "0.8.6d", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en modules/demux/subtitle.c de VideoLAN VLC 0.8.6d permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un subt\u00edtulo largo en un fichero (1) MicroDvd, (2) SSA, y (3) Vplayer." } ], "id": "CVE-2007-6681", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-17T01:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "source": "cve@mitre.org", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html" }, { "source": "cve@mitre.org", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/42207" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28233" }, { "source": "cve@mitre.org", 
"url": "http://secunia.com/advisories/29284" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29766" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29800" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3550" }, { "source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27015" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0801.php" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0801.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5667" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-28 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:*:*:*:*:*:*:*:*", "matchCriteriaId": "F659207F-B405-40C2-8508-E32CBD916E0D", "versionEndIncluding": "2.1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service." }, { "lang": "es", "value": "VideoLAN VLC media player en versiones anteriores a 2.1.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio." } ], "id": "CVE-2014-6440", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-28T15:59:00.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Technical Description", "Third Party Advisory" ], "url": 
"http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/oss-sec/2015/q1/751" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72950" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Technical Description", "Third Party Advisory" ], "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/oss-sec/2015/q1/751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201603-08" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-25 06:05
Modified
2025-04-09 00:30
Severity ?
Summary
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99:*:*:*:*:*:*:*", "matchCriteriaId": "929E49D1-B8F6-4A25-A93F-D8211520ED61", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99a:*:*:*:*:*:*:*", "matchCriteriaId": "B61BB1FD-6D2A-42EA-9824-9A8FD728B4CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99b:*:*:*:*:*:*:*", "matchCriteriaId": "76DDF802-26C2-437E-BB01-F01209FFE0BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99c:*:*:*:*:*:*:*", "matchCriteriaId": "546BAE28-5B2A-4856-8B2A-316D9AD2F5A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99d:*:*:*:*:*:*:*", "matchCriteriaId": "56926B35-987F-4C12-9FBC-61BF7CEE1541", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99e:*:*:*:*:*:*:*", "matchCriteriaId": "2D8FAE03-C528-4BAD-823E-EEEC4368113D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99f:*:*:*:*:*:*:*", "matchCriteriaId": "1C5B604B-5A7A-450A-8252-60FDCB114283", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99g:*:*:*:*:*:*:*", "matchCriteriaId": "78FCD5D6-A4A9-48CD-BD0E-296FD1032907", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99h:*:*:*:*:*:*:*", "matchCriteriaId": "5624A925-C0D8-4E85-9B32-085BB9059FFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.1.99i:*:*:*:*:*:*:*", "matchCriteriaId": "28E35B1D-3191-4E18-B265-ACA736A87645", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "60FCBA5D-568F-424B-BFB1-1BA41DB0D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "656BBC4D-8569-4A91-87DF-93D053BEEC57", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "0C9C7B19-59F4-43FB-8122-AAD36ABDF807", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.61:*:*:*:*:*:*:*", "matchCriteriaId": 
"6E2DB4C0-CCEE-40D6-B227-E00A002D755B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.62:*:*:*:*:*:*:*", "matchCriteriaId": "01BE9872-10B5-466E-BEE4-69B6451076C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.63:*:*:*:*:*:*:*", "matchCriteriaId": "C6125D6E-6416-49E8-8770-5C0590F3FA0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "27122F7C-1D19-41D8-B323-A6941D0DE193", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.71:*:*:*:*:*:*:*", "matchCriteriaId": "6068DB81-542B-43F0-9B42-CEA7689F61D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.72:*:*:*:*:*:*:*", "matchCriteriaId": "A009555D-CC59-4C6A-B350-E7F4730F5B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.73:*:*:*:*:*:*:*", "matchCriteriaId": "3299D365-015F-4A95-80C3-977853E70E1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "47EC751E-FB47-4263-B9ED-FBBAAEA677F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.81:*:*:*:*:*:*:*", "matchCriteriaId": "5BA7C125-989A-4727-9E59-44ACC1750E6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.82:*:*:*:*:*:*:*", "matchCriteriaId": "BC105DEB-DE1F-4183-8A4A-F7E58FBB82C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.83:*:*:*:*:*:*:*", "matchCriteriaId": "521F12A2-7785-48C9-BB11-E91CEF61584F", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "25A412BA-A195-4893-B5F8-EE6FC9A53326", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.91:*:*:*:*:*:*:*", "matchCriteriaId": "A6ADA95A-A8B2-4E3E-A3E4-AEA03B14C339", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.2.92:*:*:*:*:*:*:*", "matchCriteriaId": "F7823310-E6C2-42D6-A0CC-8D2A0CA5EB6E", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"EBE2DF23-1CF5-4371-82EF-7072B0FCC226", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F706E26-E58D-4B5C-98AC-A386BF7ABC24", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E19F3E58-0D65-45AF-8024-E3A7CFD05142", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B24956D-A924-40BC-A340-3BE9DD3CCBA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F94AC83A-6790-4E26-A4B8-E2B4394CB3FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD6F543A-8520-4F13-9C03-9520A6B92944", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.3_ac3:*:*:*:*:*:*:*", "matchCriteriaId": "F3991F10-CFC4-4979-B5D4-F9EFB9992683", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "01FC4A5C-5A0A-40CF-891B-97443CC4A367", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "6656C05D-4A4B-47DE-9844-308FD98CFF04", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "8CBF1B20-1478-472C-B9A1-974A7A5333C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C29EDDF9-DE90-4AA7-8454-D42B4C37ECF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "02AF1C9A-FD6F-4CA4-8275-8B7655F861F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B56B15F-7504-4D55-8C31-1C28F1A8129D", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C6BB497-20F6-4CCB-A24E-7228BE68CA5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"0D2855B3-D0ED-4C8E-95A0-151E88F95057", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "56B90DCE-2EA9-49AA-9F63-0515C751E821", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "34C4F8C4-EEA4-4369-BBC8-C726059C8852", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2821324-7A44-40CD-95B8-F4B5B09E6D69", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A98AC34-2FAB-4CAE-9D14-B4E11CC2AFB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "347E213C-83AF-4F98-8096-2113E00C1BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A26753D-44F2-49F6-8486-1DD61297C037", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "67C2B1C1-1606-411D-A9CA-D1A654FD4133", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "28BBBBAF-71F7-4F47-ADE6-FF7B590832E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AC67A7B-21E0-45DA-A70F-EE97079140A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.4a:*:*:*:*:*:*:*", "matchCriteriaId": "1062EB82-2A6C-4770-A339-21686FF9E923", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "FEA7ECBE-1CAE-47C5-ACC1-F7BBA3946CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "50A23534-3DF7-422A-B997-1FB16D8564C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6a:*:*:*:*:*:*:*", "matchCriteriaId": "9E85F765-D2DF-41C0-A90F-732861CA32F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6b:*:*:*:*:*:*:*", "matchCriteriaId": 
"26981B0C-6A7E-40BA-8F50-0C19870258FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6c:*:*:*:*:*:*:*", "matchCriteriaId": "89FAFEE4-35FE-44BE-90DD-1E067A1A2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6d:*:*:*:*:*:*:*", "matchCriteriaId": "686E1C6D-CDE6-4615-B983-3BCDDDE921AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "6545867A-07ED-4E16-AED0-566C5CCD46FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:videolan:vlc:0.8.1337:*:*:*:*:*:*:*", "matchCriteriaId": "053BE4FF-4699-42E8-B480-DA2224EC2BDE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption." }, { "lang": "es", "value": "VLC versions anteriores a la 0.8.6f, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un Cinepak manipulado que dispara un acceso a array fuera de l\u00edmite y una corrupci\u00f3n de memoria." 
} ], "id": "CVE-2008-1769", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-04-25T06:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3" }, { "source": "cve@mitre.org", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29503" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29800" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28904" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "source": "cve@mitre.org", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.videolan.org/security/sa0803.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-17 23:05
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc:0.8.6e:*:*:*:*:*:*:*", "matchCriteriaId": "6545867A-07ED-4E16-AED0-566C5CCD46FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n ParseSSA (modules/demux/subtitle.c) en VLC 0.8.6e permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un subtitulo largeo en un archivo SSA. NOTA: este problema es debido a una correcci\u00f3n incompleta para CVE-2007-6681." } ], "id": "CVE-2008-1881", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-17T23:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "source": "cve@mitre.org", "url": "http://aluigi.org/adv/vlcboffs-adv.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28233" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29800" }, { "source": "cve@mitre.org", "url": 
"http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "cve@mitre.org", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489698" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28251" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28274" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/adv/vlcboffs-adv.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28233" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28251" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5250" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-6440 (GCVE-0-2014-6440)
Vulnerability from cvelistv5
Published
2017-03-28 15:00
Modified
2024-08-06 12:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
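VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. The oss-security post listed in this record's references is titled "CVE-2014-6440: Heap Overflow in VLC Transcode Module".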
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:17:23.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "72950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72950" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2015/q1/751" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-28T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "72950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72950" }, { "name": "GLSA-201603-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2015/q1/751" }, { "tags": [ "x_refsource_MISC" ], "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/developers/vlc-branch/NEWS", "refsource": "MISC", "url": "http://www.videolan.org/developers/vlc-branch/NEWS" }, { "name": "72950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72950" }, { "name": "GLSA-201603-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201603-08" }, { "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q1/751" }, { "name": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/", "refsource": "MISC", "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6440", "datePublished": "2017-03-28T15:00:00", "dateReserved": "2014-09-16T00:00:00", "dateUpdated": "2024-08-06T12:17:23.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-8311 (GCVE-0-2017-8311)
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
CWE
- Allows attacker to execute arbitrary code.
Summary
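Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5, caused by skipping the NULL terminator in an input string, allows attackers to execute arbitrary code via a crafted subtitles file. The references include an Exploit-DB entry tagged "exploit", so treat the issue as having public exploit code when prioritising the upgrade to 2.2.5 or later.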
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "44514", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44514/" }, { "name": "98634", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98634" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "\u003c2.2.5" } ] } ], "datePublic": "2017-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to execute arbitrary code.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-26T09:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "44514", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44514/" }, { "name": "98634", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98634" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8311", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "\u003c2.2.5" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to execute arbitrary code." 
} ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "44514", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44514/" }, { "name": "98634", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98634" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8311", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:22.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-6683 (GCVE-0-2007-6683)
Vulnerability from cvelistv5
Published
2008-01-17 00:00
Modified
2024-08-07 16:18
CWE
- n/a
Summary
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28712", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28712" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "42205", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42205" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "42206", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42206" }, { "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html" }, { "name": "oval:org.mitre.oval:def:14619", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.videolan.org/vlc/ticket/1371" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.videolan.org/vlc/changeset/23197" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2007-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28712", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28712" }, { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "42205", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42205" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "42206", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42206" }, { "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html" }, { "name": "oval:org.mitre.oval:def:14619", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.videolan.org/vlc/ticket/1371" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.videolan.org/vlc/changeset/23197" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28712" }, { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "42205", "refsource": "OSVDB", "url": "http://osvdb.org/42205" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "42206", "refsource": "OSVDB", "url": "http://osvdb.org/42206" }, { "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html" }, { "name": "oval:org.mitre.oval:def:14619", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "https://trac.videolan.org/vlc/ticket/1371", "refsource": "CONFIRM", "url": "https://trac.videolan.org/vlc/ticket/1371" }, { "name": "https://trac.videolan.org/vlc/changeset/23197", "refsource": "CONFIRM", 
"url": "https://trac.videolan.org/vlc/changeset/23197" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6683", "datePublished": "2008-01-17T00:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T16:18:20.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1489 (GCVE-0-2008-1489)
Vulnerability from cvelistv5
Published
2008-03-25 00:00
Modified
2024-08-07 08:24
CWE
- n/a
Summary
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "28433", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28433" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14841", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29503" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412" } ], "title": "CVE Program 
Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "28433", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28433" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14841", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "29503", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29503" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1489", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "28433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28433" }, { "name": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a" }, { "name": "http://www.videolan.org/security/sa0803.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "GLSA-200804-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14841", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "29503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29503" }, { "name": "ADV-2008-0985", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0985" }, { "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1489", "datePublished": "2008-03-25T00:00:00", "dateReserved": "2008-03-24T00:00:00", "dateUpdated": "2024-08-07T08:24:42.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-8310 (GCVE-0-2017-8310)
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
CWE
- Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)
Summary
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:21.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98638", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98638" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "2.2.*" } ] } ], "datePublic": "2017-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98638", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98638" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8310", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "2.2.*" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98638", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98638" }, { "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8310", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:21.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-8312 (GCVE-0-2017-8312)
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
CWE
- Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).
Summary
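Heap out-of-bounds read in ParseJSS in VideoLAN VLC, caused by a missing check of string length, allows attackers to read uninitialized heap data via a crafted subtitles file. The record lists the affected version only as "All" and names no fixed release; the fix is identified solely by the CONFIRM blobdiff link for modules/demux/subtitle.c in the references, so a version boundary should not be assumed from this entry alone.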
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98631", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98631" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "All" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98631", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98631" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "All" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)." 
} ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98631", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98631" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8312", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:22.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-6684 (GCVE-0-2007-6684)
Vulnerability from cvelistv5
Published
2008-01-17 00:00
Modified
2024-08-07 16:18
CWE
- n/a
Summary
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "oval:org.mitre.oval:def:14876", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876" }, { "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.videolan.org/vlc/changeset/22023" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "oval:org.mitre.oval:def:14876", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876" }, { "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.videolan.org/vlc/changeset/22023" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "oval:org.mitre.oval:def:14876", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876" }, { "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html" }, { "name": "http://trac.videolan.org/vlc/changeset/22023", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/changeset/22023" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6684", "datePublished": "2008-01-17T00:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T16:18:20.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-6682 (GCVE-0-2007-6682)
Vulnerability from cvelistv5
Published
2008-01-17 00:00
Modified
2024-08-07 16:18
CWE
- n/a
Summary
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "3550", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3550" }, { "name": "28233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28233" }, { "name": "oval:org.mitre.oval:def:14790", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" }, { "name": "5519", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5519" }, { "name": "27015", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27015" }, { "name": "42208", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42208" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.videolan.org/vlc/changeset/23839" }, { "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "GLSA-200803-13", "tags": [ 
"vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "3550", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3550" }, { "name": "28233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28233" }, { "name": "oval:org.mitre.oval:def:14790", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" }, { "name": "5519", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5519" }, { "name": "27015", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27015" }, { "name": "42208", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42208" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.videolan.org/vlc/changeset/23839" }, { 
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "3550", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3550" }, { "name": "28233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28233" }, { "name": "oval:org.mitre.oval:def:14790", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790" }, { "name": "5519", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5519" }, { "name": "27015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27015" }, { "name": "42208", "refsource": "OSVDB", "url": "http://osvdb.org/42208" }, { "name": "http://trac.videolan.org/vlc/changeset/23839", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/changeset/23839" }, { "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6682", "datePublished": "2008-01-17T00:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T16:18:20.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-8313 (GCVE-0-2017-8313)
Vulnerability from cvelistv5
Published
2017-05-23 21:00
Modified
2024-08-05 16:34
CWE
- Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).
Summary
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98633", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98633" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VLC", "vendor": "VideoLAN", "versions": [ { "status": "affected", "version": "\u003c 2.2.5" } ] } ], "datePublic": "2017-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint" }, "references": [ { "name": "GLSA-201707-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98633", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98633" }, { "name": "DSA-3899", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3899" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2017-8313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VLC", "version": { "version_data": [ { "version_value": "\u003c 2.2.5" } ] } } ] }, "vendor_name": "VideoLAN" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)." 
} ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201707-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-10" }, { "name": "98633", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98633" }, { "name": "DSA-3899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3899" }, { "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c" } ] } } } }, "cveMetadata": { "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2017-8313", "datePublished": "2017-05-23T21:00:00", "dateReserved": "2017-04-28T00:00:00", "dateUpdated": "2024-08-05T16:34:22.885Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-6681 (GCVE-0-2007-6681)
Vulnerability from cvelistv5
Published
2008-01-17 00:00
Modified
2024-08-07 16:18
CWE
- n/a
Summary
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "3550", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3550" }, { "name": "5667", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5667" }, { "name": "oval:org.mitre.oval:def:14334", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0801.php" }, { "name": "28233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28233" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "27015", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27015" }, { "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { 
"name": "[vlc-devel] 20070626 subtitle processing overflows", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html" }, { "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29766" }, { "name": "42207", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42207" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "3550", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3550" }, { "name": "5667", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5667" }, { "name": "oval:org.mitre.oval:def:14334", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0801.php" }, { "name": "28233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28233" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "27015", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27015" }, { "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "[vlc-devel] 20070626 subtitle processing overflows", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html" }, { "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "name": "29766", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29766" }, { "name": "42207", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42207" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "GLSA-200803-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6681", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29284" }, { "name": "DSA-1543", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1543" }, { "name": "3550", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3550" }, { "name": "5667", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5667" }, { "name": "oval:org.mitre.oval:def:14334", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334" }, { "name": "http://www.videolan.org/security/sa0801.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0801.php" }, { "name": "28233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28233" }, { "name": "GLSA-200804-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "27015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27015" }, { "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "[vlc-devel] 20070626 subtitle processing overflows", "refsource": "MLIST", "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html" }, { "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded" }, { "name": "29766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29766" }, { "name": "42207", "refsource": 
"OSVDB", "url": "http://osvdb.org/42207" }, { "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "GLSA-200803-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6681", "datePublished": "2008-01-17T00:00:00", "dateReserved": "2008-01-16T00:00:00", "dateUpdated": "2024-08-07T16:18:20.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1769 (GCVE-0-2008-1769)
Vulnerability from cvelistv5
Published
2008-04-24 18:00
Modified
2024-08-07 08:32
CWE
- n/a
Summary
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:01.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "28904", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28904" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14445", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29503" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0985" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "VLC before 0.8.6f 
allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "28904", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28904" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14445", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29503" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0985" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa0803.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98", "refsource": "MISC", "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98" }, { "name": "http://www.videolan.org/developers/vlc/NEWS", "refsource": "CONFIRM", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "GLSA-200804-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "28904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28904" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14445", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445" }, { "name": "29503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29503" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3" }, { "name": "ADV-2008-0985", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2008/0985" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1769", "datePublished": "2008-04-24T18:00:00", "dateReserved": "2008-04-12T00:00:00", "dateUpdated": "2024-08-07T08:32:01.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1768 (GCVE-0-2008-1768)
Vulnerability from cvelistv5
Published
2008-04-24 18:00
Modified
2024-08-07 08:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:32:01.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "28903", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28903" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "oval:org.mitre.oval:def:14412", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29503" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0985" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "28903", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28903" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "oval:org.mitre.oval:def:14412", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "29503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29503" }, { "name": "ADV-2008-0985", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0985" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak 
codec, which triggers a buffer overflow." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.videolan.org/security/sa0803.php", "refsource": "CONFIRM", "url": "http://www.videolan.org/security/sa0803.php" }, { "name": "28903", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28903" }, { "name": "http://www.videolan.org/developers/vlc/NEWS", "refsource": "CONFIRM", "url": "http://www.videolan.org/developers/vlc/NEWS" }, { "name": "GLSA-200804-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "oval:org.mitre.oval:def:14412", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "29503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29503" }, { "name": "ADV-2008-0985", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0985" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1768", "datePublished": "2008-04-24T18:00:00", "dateReserved": "2008-04-12T00:00:00", "dateUpdated": "2024-08-07T08:32:01.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1881 (GCVE-0-2008-1881)
Vulnerability from cvelistv5
Published
2008-04-17 23:00
Modified
2024-08-07 08:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:40:59.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "vlc-parsessa-bo(41936)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.org/adv/vlcboffs-adv.txt" }, { "name": "20080317 VLC highlander bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489698" }, { "name": "28233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28233" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "28274", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28274" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14872", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" }, { "name": "5250", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/5250" }, { "name": "vlcmediaplayer-subtitle-bo(41237)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "28251", "tags": [ "vdb-entry", 
"x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28251" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "vlc-parsessa-bo(41936)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.org/adv/vlcboffs-adv.txt" }, { "name": "20080317 VLC highlander bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489698" }, { "name": "28233", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28233" }, { "name": "GLSA-200804-25", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "28274", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28274" }, { "name": "29800", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14872", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" }, { "name": "5250", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/5250" }, { "name": "vlcmediaplayer-subtitle-bo(41237)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "28251", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28251" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1881", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "vlc-parsessa-bo(41936)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936" }, { "name": "http://aluigi.org/adv/vlcboffs-adv.txt", "refsource": "MISC", "url": "http://aluigi.org/adv/vlcboffs-adv.txt" }, { "name": "20080317 VLC highlander bug", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489698" }, { "name": "28233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28233" }, { "name": "GLSA-200804-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml" }, { "name": "http://wiki.videolan.org/Changelog/0.8.6f", "refsource": "CONFIRM", "url": "http://wiki.videolan.org/Changelog/0.8.6f" }, { "name": "28274", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28274" }, { "name": "29800", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29800" }, { "name": "oval:org.mitre.oval:def:14872", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872" }, { "name": "5250", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5250" }, { "name": "vlcmediaplayer-subtitle-bo(41237)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237" }, { "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt" }, { "name": "28251", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28251" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1881", "datePublished": "2008-04-17T23:00:00", "dateReserved": "2008-04-17T00:00:00", "dateUpdated": "2024-08-07T08:40:59.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
CVE-2008-2147 (GCVE-0-2008-2147)
Vulnerability from cvelistv5
Published
2008-05-12 20:00
Modified
2024-08-07 08:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:58.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31317" }, { "name": "vlc-searchpath-code-execution(42377)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.videolan.org/vlc/ticket/1578" }, { "name": "GLSA-200807-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31317" }, { "name": "vlc-searchpath-code-execution(42377)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.videolan.org/vlc/ticket/1578" }, { "name": "GLSA-200807-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2147", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31317" }, { "name": "vlc-searchpath-code-execution(42377)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377" }, { "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181", "refsource": "CONFIRM", "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181" }, { "name": "http://trac.videolan.org/vlc/ticket/1578", "refsource": "CONFIRM", "url": "http://trac.videolan.org/vlc/ticket/1578" }, { "name": "GLSA-200807-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2147", "datePublished": "2008-05-12T20:00:00", "dateReserved": "2008-05-12T00:00:00", "dateUpdated": "2024-08-07T08:49:58.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }