VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
Max CVSS: 9.8 | EPSS Score: 1.75% | Published: 2017-03-28 | Updated: 2017-04-03
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2008-05-12 | Updated: 2017-08-08
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
Max CVSS: 6.8 | EPSS Score: 21.91% | Published: 2008-04-17 | Updated: 2017-09-29
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
Max CVSS: 6.8 | EPSS Score: 1.76% | Published: 2008-04-25 | Updated: 2017-09-29
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
Max CVSS: 6.8 | EPSS Score: 2.51% | Published: 2008-04-25 | Updated: 2017-09-29
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Max CVSS: 6.8 | EPSS Score: 2.68% | Published: 2008-03-25 | Updated: 2017-09-29
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
Max CVSS: 5.0 | EPSS Score: 1.27% | Published: 2008-01-17 | Updated: 2017-09-29
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Max CVSS: 5.0 | EPSS Score: 0.73% | Published: 2008-01-17 | Updated: 2017-09-29
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Max CVSS: 7.5 | EPSS Score: 72.17% | Published: 2008-01-17 | Updated: 2017-09-29
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Max CVSS: 7.5 | EPSS Score: 25.03% | Published: 2008-01-17 | Updated: 2017-09-29
10 vulnerabilities found