Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
28 vulnerabilities found for VLC by VideoLAN
CVE-2017-8313 (GCVE-0-2017-8313)
Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98633",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98633"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.5"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98633",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98633"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "\u003c 2.2.5"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98633"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8313",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8312 (GCVE-0-2017-8312)
Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8312",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8311 (GCVE-0-2017-8311)
Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to execute arbitrary code.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "44514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44514/"
},
{
"name": "98634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "\u003c2.2.5"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to execute arbitrary code.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-26T09:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "44514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44514/"
},
{
"name": "98634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "\u003c2.2.5"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to execute arbitrary code."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "44514",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44514/"
},
{
"name": "98634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98634"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8311",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8310 (GCVE-0-2017-8310)
Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:21.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "2.2.*"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "2.2.*"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98638"
},
{
"name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8310",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:21.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6440 (GCVE-0-2014-6440)
Vulnerability from nvd – Published: 2017-03-28 15:00 – Updated: 2024-08-06 12:17
VLAI?
Summary
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2016-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.videolan.org/developers/vlc-branch/NEWS"
},
{
"name": "72950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72950"
},
{
"name": "GLSA-201603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.videolan.org/developers/vlc-branch/NEWS"
},
{
"name": "72950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72950"
},
{
"name": "GLSA-201603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/developers/vlc-branch/NEWS",
"refsource": "MISC",
"url": "http://www.videolan.org/developers/vlc-branch/NEWS"
},
{
"name": "72950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72950"
},
{
"name": "GLSA-201603-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/751"
},
{
"name": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/",
"refsource": "MISC",
"url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6440",
"datePublished": "2017-03-28T15:00:00.000Z",
"dateReserved": "2014-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:17:23.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2147 (GCVE-0-2008-2147)
Vulnerability from nvd – Published: 2008-05-12 20:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2008-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31317"
},
{
"name": "vlc-searchpath-code-execution(42377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/ticket/1578"
},
{
"name": "GLSA-200807-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31317"
},
{
"name": "vlc-searchpath-code-execution(42377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/ticket/1578"
},
{
"name": "GLSA-200807-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31317"
},
{
"name": "vlc-searchpath-code-execution(42377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
},
{
"name": "http://trac.videolan.org/vlc/ticket/1578",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/ticket/1578"
},
{
"name": "GLSA-200807-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2147",
"datePublished": "2008-05-12T20:00:00.000Z",
"dateReserved": "2008-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:58.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1769 (GCVE-0-2008-1769)
Vulnerability from nvd – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2008-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28904"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14445",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28904"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14445",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98",
"refsource": "MISC",
"url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
},
{
"name": "http://www.videolan.org/developers/vlc/NEWS",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28904"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14445",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1769",
"datePublished": "2008-04-24T18:00:00.000Z",
"dateReserved": "2008-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1768 (GCVE-0-2008-1768)
Vulnerability from nvd – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2008-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28903"
},
{
"name": "http://www.videolan.org/developers/vlc/NEWS",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1768",
"datePublished": "2008-04-24T18:00:00.000Z",
"dateReserved": "2008-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1881 (GCVE-0-2008-1881)
Vulnerability from nvd – Published: 2008-04-17 23:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vlc-parsessa-bo(41936)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/vlcboffs-adv.txt"
},
{
"name": "20080317 VLC highlander bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489698"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28274"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14872",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
},
{
"name": "5250",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5250"
},
{
"name": "vlcmediaplayer-subtitle-bo(41237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "28251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vlc-parsessa-bo(41936)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/vlcboffs-adv.txt"
},
{
"name": "20080317 VLC highlander bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489698"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28274"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14872",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
},
{
"name": "5250",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5250"
},
{
"name": "vlcmediaplayer-subtitle-bo(41237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "28251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vlc-parsessa-bo(41936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
},
{
"name": "http://aluigi.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/vlcboffs-adv.txt"
},
{
"name": "20080317 VLC highlander bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489698"
},
{
"name": "28233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28274"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14872",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
},
{
"name": "5250",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5250"
},
{
"name": "vlcmediaplayer-subtitle-bo(41237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
},
{
"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "28251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1881",
"datePublished": "2008-04-17T23:00:00.000Z",
"dateReserved": "2008-04-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1489 (GCVE-0-2008-1489)
Vulnerability from nvd – Published: 2008-03-25 00:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "28433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "28433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "28433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28433"
},
{
"name": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
},
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14841",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1489",
"datePublished": "2008-03-25T00:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6683 (GCVE-0-2007-6683)
Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2007-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28712",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28712"
},
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "42205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42205"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "42206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42206"
},
{
"name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
},
{
"name": "oval:org.mitre.oval:def:14619",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.videolan.org/vlc/ticket/1371"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.videolan.org/vlc/changeset/23197"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28712",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28712"
},
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "42205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42205"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "42206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42206"
},
{
"name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
},
{
"name": "oval:org.mitre.oval:def:14619",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.videolan.org/vlc/ticket/1371"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.videolan.org/vlc/changeset/23197"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28712"
},
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "42205",
"refsource": "OSVDB",
"url": "http://osvdb.org/42205"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "42206",
"refsource": "OSVDB",
"url": "http://osvdb.org/42206"
},
{
"name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
},
{
"name": "oval:org.mitre.oval:def:14619",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "https://trac.videolan.org/vlc/ticket/1371",
"refsource": "CONFIRM",
"url": "https://trac.videolan.org/vlc/ticket/1371"
},
{
"name": "https://trac.videolan.org/vlc/changeset/23197",
"refsource": "CONFIRM",
"url": "https://trac.videolan.org/vlc/changeset/23197"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6683",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6684 (GCVE-0-2007-6684)
Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "oval:org.mitre.oval:def:14876",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
},
{
"name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/changeset/22023"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "oval:org.mitre.oval:def:14876",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
},
{
"name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/changeset/22023"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "oval:org.mitre.oval:def:14876",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
},
{
"name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
},
{
"name": "http://trac.videolan.org/vlc/changeset/22023",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/changeset/22023"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6684",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6681 (GCVE-0-2007-6681)
Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2006-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "5667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5667"
},
{
"name": "oval:org.mitre.oval:def:14334",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0801.php"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "[vlc-devel] 20070626 subtitle processing overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "42207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "5667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5667"
},
{
"name": "oval:org.mitre.oval:def:14334",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0801.php"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "[vlc-devel] 20070626 subtitle processing overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "42207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "5667",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5667"
},
{
"name": "oval:org.mitre.oval:def:14334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
},
{
"name": "http://www.videolan.org/security/sa0801.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0801.php"
},
{
"name": "28233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "27015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "[vlc-devel] 20070626 subtitle processing overflows",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "42207",
"refsource": "OSVDB",
"url": "http://osvdb.org/42207"
},
{
"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6681",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6682 (GCVE-0-2007-6682)
Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2007-12-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "oval:org.mitre.oval:def:14790",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
},
{
"name": "5519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5519"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "42208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/changeset/23839"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "oval:org.mitre.oval:def:14790",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
},
{
"name": "5519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5519"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "42208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/changeset/23839"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "28233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28233"
},
{
"name": "oval:org.mitre.oval:def:14790",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
},
{
"name": "5519",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5519"
},
{
"name": "27015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "42208",
"refsource": "OSVDB",
"url": "http://osvdb.org/42208"
},
{
"name": "http://trac.videolan.org/vlc/changeset/23839",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/changeset/23839"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6682",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8313 (GCVE-0-2017-8313)
Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98633",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98633"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.5"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98633",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98633"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "\u003c 2.2.5"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98633"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8313",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8310 (GCVE-0-2017-8310)
Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:21.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98638"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "2.2.*"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98638"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "2.2.*"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98638"
},
{
"name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8310",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:21.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8311 (GCVE-0-2017-8311)
Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to execute arbitrary code.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2017-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "44514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44514/"
},
{
"name": "98634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "\u003c2.2.5"
}
]
}
],
"datePublic": "2017-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to execute arbitrary code.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-26T09:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "44514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44514/"
},
{
"name": "98634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "\u003c2.2.5"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to execute arbitrary code."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "44514",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44514/"
},
{
"name": "98634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98634"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8311",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8312 (GCVE-0-2017-8312)
Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
VLAI?
Summary
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
Severity ?
No CVSS data available.
CWE
- Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC",
"vendor": "VideoLAN",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"name": "GLSA-201707-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2017-8312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "VideoLAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8312",
"datePublished": "2017-05-23T21:00:00.000Z",
"dateReserved": "2017-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6440 (GCVE-0-2014-6440)
Vulnerability from cvelistv5 – Published: 2017-03-28 15:00 – Updated: 2024-08-06 12:17
VLAI?
Summary
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2016-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.videolan.org/developers/vlc-branch/NEWS"
},
{
"name": "72950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72950"
},
{
"name": "GLSA-201603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-28T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.videolan.org/developers/vlc-branch/NEWS"
},
{
"name": "72950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72950"
},
{
"name": "GLSA-201603-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/developers/vlc-branch/NEWS",
"refsource": "MISC",
"url": "http://www.videolan.org/developers/vlc-branch/NEWS"
},
{
"name": "72950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72950"
},
{
"name": "GLSA-201603-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-08"
},
{
"name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/751"
},
{
"name": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/",
"refsource": "MISC",
"url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6440",
"datePublished": "2017-03-28T15:00:00.000Z",
"dateReserved": "2014-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:17:23.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2147 (GCVE-0-2008-2147)
Vulnerability from cvelistv5 – Published: 2008-05-12 20:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2008-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31317"
},
{
"name": "vlc-searchpath-code-execution(42377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/ticket/1578"
},
{
"name": "GLSA-200807-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31317"
},
{
"name": "vlc-searchpath-code-execution(42377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/ticket/1578"
},
{
"name": "GLSA-200807-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31317"
},
{
"name": "vlc-searchpath-code-execution(42377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
},
{
"name": "http://trac.videolan.org/vlc/ticket/1578",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/ticket/1578"
},
{
"name": "GLSA-200807-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2147",
"datePublished": "2008-05-12T20:00:00.000Z",
"dateReserved": "2008-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:58.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1769 (GCVE-0-2008-1769)
Vulnerability from cvelistv5 – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2008-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28904"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14445",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28904"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14445",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98",
"refsource": "MISC",
"url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
},
{
"name": "http://www.videolan.org/developers/vlc/NEWS",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28904"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14445",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1769",
"datePublished": "2008-04-24T18:00:00.000Z",
"dateReserved": "2008-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1768 (GCVE-0-2008-1768)
Vulnerability from cvelistv5 – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
VLAI?
Summary
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2008-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "28903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28903"
},
{
"name": "http://www.videolan.org/developers/vlc/NEWS",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/developers/vlc/NEWS"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "oval:org.mitre.oval:def:14412",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1768",
"datePublished": "2008-04-24T18:00:00.000Z",
"dateReserved": "2008-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1881 (GCVE-0-2008-1881)
Vulnerability from cvelistv5 – Published: 2008-04-17 23:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vlc-parsessa-bo(41936)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/vlcboffs-adv.txt"
},
{
"name": "20080317 VLC highlander bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489698"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28274"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14872",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
},
{
"name": "5250",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5250"
},
{
"name": "vlcmediaplayer-subtitle-bo(41237)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "28251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vlc-parsessa-bo(41936)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/vlcboffs-adv.txt"
},
{
"name": "20080317 VLC highlander bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489698"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28274"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14872",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
},
{
"name": "5250",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5250"
},
{
"name": "vlcmediaplayer-subtitle-bo(41237)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "28251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vlc-parsessa-bo(41936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
},
{
"name": "http://aluigi.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/vlcboffs-adv.txt"
},
{
"name": "20080317 VLC highlander bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489698"
},
{
"name": "28233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "28274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28274"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14872",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
},
{
"name": "5250",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5250"
},
{
"name": "vlcmediaplayer-subtitle-bo(41237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
},
{
"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "28251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1881",
"datePublished": "2008-04-17T23:00:00.000Z",
"dateReserved": "2008-04-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1489 (GCVE-0-2008-1489)
Vulnerability from cvelistv5 – Published: 2008-03-25 00:00 – Updated: 2024-08-07 08:24
VLAI?
Summary
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-03-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "28433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "28433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "29503",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "28433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28433"
},
{
"name": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
},
{
"name": "http://www.videolan.org/security/sa0803.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0803.php"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "oval:org.mitre.oval:def:14841",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "29503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29503"
},
{
"name": "ADV-2008-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0985"
},
{
"name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1489",
"datePublished": "2008-03-25T00:00:00.000Z",
"dateReserved": "2008-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:42.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6683 (GCVE-0-2007-6683)
Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Date Public ?
2007-12-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28712",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28712"
},
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "42205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42205"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "42206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42206"
},
{
"name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
},
{
"name": "oval:org.mitre.oval:def:14619",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.videolan.org/vlc/ticket/1371"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.videolan.org/vlc/changeset/23197"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28712",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28712"
},
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "42205",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42205"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "42206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42206"
},
{
"name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
},
{
"name": "oval:org.mitre.oval:def:14619",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.videolan.org/vlc/ticket/1371"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.videolan.org/vlc/changeset/23197"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28712"
},
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "42205",
"refsource": "OSVDB",
"url": "http://osvdb.org/42205"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "42206",
"refsource": "OSVDB",
"url": "http://osvdb.org/42206"
},
{
"name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
},
{
"name": "oval:org.mitre.oval:def:14619",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "https://trac.videolan.org/vlc/ticket/1371",
"refsource": "CONFIRM",
"url": "https://trac.videolan.org/vlc/ticket/1371"
},
{
"name": "https://trac.videolan.org/vlc/changeset/23197",
"refsource": "CONFIRM",
"url": "https://trac.videolan.org/vlc/changeset/23197"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6683",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6684 (GCVE-0-2007-6684)
Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Date Public ?
2007-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "oval:org.mitre.oval:def:14876",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
},
{
"name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/changeset/22023"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "oval:org.mitre.oval:def:14876",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
},
{
"name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/changeset/22023"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "oval:org.mitre.oval:def:14876",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
},
{
"name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
},
{
"name": "http://trac.videolan.org/vlc/changeset/22023",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/changeset/22023"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6684",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6681 (GCVE-0-2007-6681)
Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2006-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "5667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5667"
},
{
"name": "oval:org.mitre.oval:def:14334",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.videolan.org/security/sa0801.php"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "[vlc-devel] 20070626 subtitle processing overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "42207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "5667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5667"
},
{
"name": "oval:org.mitre.oval:def:14334",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.videolan.org/security/sa0801.php"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29800"
},
{
"name": "[vlc-devel] 20070626 subtitle processing overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"name": "42207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "5667",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5667"
},
{
"name": "oval:org.mitre.oval:def:14334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
},
{
"name": "http://www.videolan.org/security/sa0801.php",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa0801.php"
},
{
"name": "28233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28233"
},
{
"name": "GLSA-200804-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
},
{
"name": "27015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
},
{
"name": "http://wiki.videolan.org/Changelog/0.8.6f",
"refsource": "CONFIRM",
"url": "http://wiki.videolan.org/Changelog/0.8.6f"
},
{
"name": "29800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29800"
},
{
"name": "[vlc-devel] 20070626 subtitle processing overflows",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "42207",
"refsource": "OSVDB",
"url": "http://osvdb.org/42207"
},
{
"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6681",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6682 (GCVE-0-2007-6682)
Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
VLAI?
Summary
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Date Public ?
2007-12-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "oval:org.mitre.oval:def:14790",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
},
{
"name": "5519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5519"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "42208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.videolan.org/vlc/changeset/23839"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "28233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28233"
},
{
"name": "oval:org.mitre.oval:def:14790",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
},
{
"name": "5519",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5519"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "42208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.videolan.org/vlc/changeset/23839"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29284"
},
{
"name": "DSA-1543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1543"
},
{
"name": "3550",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3550"
},
{
"name": "28233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28233"
},
{
"name": "oval:org.mitre.oval:def:14790",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
},
{
"name": "5519",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5519"
},
{
"name": "27015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27015"
},
{
"name": "42208",
"refsource": "OSVDB",
"url": "http://osvdb.org/42208"
},
{
"name": "http://trac.videolan.org/vlc/changeset/23839",
"refsource": "CONFIRM",
"url": "http://trac.videolan.org/vlc/changeset/23839"
},
{
"name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
},
{
"name": "29766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29766"
},
{
"name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
},
{
"name": "GLSA-200803-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6682",
"datePublished": "2008-01-17T00:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}