Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for vlc by videolan

    CVE-2017-8313 (GCVE-0-2017-8313)

    Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/98633 vdb-entryx_refsource_BID
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=co… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: < 2.2.5
    Create a notification for this product.
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:22.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "98633",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98633"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.2.5"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "98633",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98633"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8313",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "98633",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98633"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8313",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:22.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8312 (GCVE-0-2017-8312)

    Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/98631 vdb-entryx_refsource_BID
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: All
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:22.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "98631",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98631"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "98631",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98631"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "98631",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98631"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8312",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:22.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8311 (GCVE-0-2017-8311)

    Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to execute arbitrary code.
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    https://www.exploit-db.com/exploits/44514/ exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/98634 vdb-entryx_refsource_BID
    http://git.videolan.org/?p=vlc.git%3Ba=commitdiff… x_refsource_CONFIRM
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: <2.2.5
    Create a notification for this product.
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:22.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "44514",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44514/"
              },
              {
                "name": "98634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98634"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c2.2.5"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to execute arbitrary code.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-26T09:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "44514",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44514/"
            },
            {
              "name": "98634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98634"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to execute arbitrary code."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "44514",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44514/"
                },
                {
                  "name": "98634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98634"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8311",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:22.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8310 (GCVE-0-2017-8310)

    Vulnerability from nvd – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/98638 vdb-entryx_refsource_BID
    http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=bl… x_refsource_CONFIRM
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: 2.2.*
    Create a notification for this product.
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:21.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "98638",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98638"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.*"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "98638",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98638"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.2.*"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "98638",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98638"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8310",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:21.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6440 (GCVE-0-2014-6440)

    Vulnerability from nvd – Published: 2017-03-28 15:00 – Updated: 2024-08-06 12:17
    VLAI
    Summary
    VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:17:23.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
              },
              {
                "name": "72950",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72950"
              },
              {
                "name": "GLSA-201603-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-08"
              },
              {
                "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q1/751"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-28T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
            },
            {
              "name": "72950",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72950"
            },
            {
              "name": "GLSA-201603-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-08"
            },
            {
              "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q1/751"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.videolan.org/developers/vlc-branch/NEWS",
                  "refsource": "MISC",
                  "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
                },
                {
                  "name": "72950",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72950"
                },
                {
                  "name": "GLSA-201603-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201603-08"
                },
                {
                  "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q1/751"
                },
                {
                  "name": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/",
                  "refsource": "MISC",
                  "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6440",
        "datePublished": "2017-03-28T15:00:00.000Z",
        "dateReserved": "2014-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:17:23.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2147 (GCVE-0-2008-2147)

    Vulnerability from nvd – Published: 2008-05-12 20:00 – Updated: 2024-08-07 08:49
    VLAI
    Summary
    Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/31317 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh… x_refsource_CONFIRM
    http://trac.videolan.org/vlc/ticket/1578 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200807-13.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:49:58.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31317",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31317"
              },
              {
                "name": "vlc-searchpath-code-execution(42377)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/ticket/1578"
              },
              {
                "name": "GLSA-200807-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31317",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31317"
            },
            {
              "name": "vlc-searchpath-code-execution(42377)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/ticket/1578"
            },
            {
              "name": "GLSA-200807-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2147",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31317",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31317"
                },
                {
                  "name": "vlc-searchpath-code-execution(42377)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
                },
                {
                  "name": "http://trac.videolan.org/vlc/ticket/1578",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/ticket/1578"
                },
                {
                  "name": "GLSA-200807-13",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2147",
        "datePublished": "2008-05-12T20:00:00.000Z",
        "dateReserved": "2008-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:49:58.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1768 (GCVE-0-2008-1768)

    Vulnerability from nvd – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
    VLAI
    Summary
    Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.videolan.org/security/sa0803.php x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28903 vdb-entryx_refsource_BID
    http://www.videolan.org/developers/vlc/NEWS x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29503 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0985 vdb-entryx_refsource_VUPEN
    Date Public
    2008-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:32:01.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0803.php"
              },
              {
                "name": "28903",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/developers/vlc/NEWS"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "oval:org.mitre.oval:def:14412",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "29503",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29503"
              },
              {
                "name": "ADV-2008-0985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0803.php"
            },
            {
              "name": "28903",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/developers/vlc/NEWS"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "oval:org.mitre.oval:def:14412",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "29503",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29503"
            },
            {
              "name": "ADV-2008-0985",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1768",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.videolan.org/security/sa0803.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0803.php"
                },
                {
                  "name": "28903",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28903"
                },
                {
                  "name": "http://www.videolan.org/developers/vlc/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/developers/vlc/NEWS"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "oval:org.mitre.oval:def:14412",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "29503",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29503"
                },
                {
                  "name": "ADV-2008-0985",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1768",
        "datePublished": "2008-04-24T18:00:00.000Z",
        "dateReserved": "2008-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:32:01.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1769 (GCVE-0-2008-1769)

    Vulnerability from nvd – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
    VLAI
    Summary
    VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:32:01.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0803.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/developers/vlc/NEWS"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "28904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28904"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "oval:org.mitre.oval:def:14445",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
              },
              {
                "name": "29503",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29503"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
              },
              {
                "name": "ADV-2008-0985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0803.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/developers/vlc/NEWS"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "28904",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28904"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "oval:org.mitre.oval:def:14445",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
            },
            {
              "name": "29503",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29503"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
            },
            {
              "name": "ADV-2008-0985",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1769",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.videolan.org/security/sa0803.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0803.php"
                },
                {
                  "name": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98",
                  "refsource": "MISC",
                  "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
                },
                {
                  "name": "http://www.videolan.org/developers/vlc/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/developers/vlc/NEWS"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "28904",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28904"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "oval:org.mitre.oval:def:14445",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
                },
                {
                  "name": "29503",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29503"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3",
                  "refsource": "MISC",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
                },
                {
                  "name": "ADV-2008-0985",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1769",
        "datePublished": "2008-04-24T18:00:00.000Z",
        "dateReserved": "2008-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:32:01.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1881 (GCVE-0-2008-1881)

    Vulnerability from nvd – Published: 2008-04-17 23:00 – Updated: 2024-08-07 08:40
    VLAI
    Summary
    Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://aluigi.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/489698 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/28233 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28274 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://www.exploit-db.com/exploits/5250 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://aluigi.altervista.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.securityfocus.com/bid/28251 vdb-entryx_refsource_BID
    Date Public
    2008-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "vlc-parsessa-bo(41936)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "20080317 VLC highlander bug",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489698"
              },
              {
                "name": "28233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28233"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "28274",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28274"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "oval:org.mitre.oval:def:14872",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
              },
              {
                "name": "5250",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5250"
              },
              {
                "name": "vlcmediaplayer-subtitle-bo(41237)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "28251",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28251"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file.  NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "vlc-parsessa-bo(41936)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "20080317 VLC highlander bug",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489698"
            },
            {
              "name": "28233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28233"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "28274",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28274"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "oval:org.mitre.oval:def:14872",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
            },
            {
              "name": "5250",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5250"
            },
            {
              "name": "vlcmediaplayer-subtitle-bo(41237)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "28251",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28251"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1881",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file.  NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "vlc-parsessa-bo(41936)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
                },
                {
                  "name": "http://aluigi.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "20080317 VLC highlander bug",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489698"
                },
                {
                  "name": "28233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28233"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "28274",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28274"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "oval:org.mitre.oval:def:14872",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
                },
                {
                  "name": "5250",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5250"
                },
                {
                  "name": "vlcmediaplayer-subtitle-bo(41237)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
                },
                {
                  "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "28251",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28251"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1881",
        "datePublished": "2008-04-17T23:00:00.000Z",
        "dateReserved": "2008-04-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1489 (GCVE-0-2008-1489)

    Vulnerability from nvd – Published: 2008-03-25 00:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/28433 vdb-entryx_refsource_BID
    http://trac.videolan.org/vlc/changeset/09572892df… x_refsource_CONFIRM
    http://www.videolan.org/security/sa0803.php x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29503 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0985 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "28433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28433"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0803.php"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "oval:org.mitre.oval:def:14841",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "name": "29503",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29503"
              },
              {
                "name": "ADV-2008-0985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0985"
              },
              {
                "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "28433",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28433"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0803.php"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "oval:org.mitre.oval:def:14841",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "name": "29503",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29503"
            },
            {
              "name": "ADV-2008-0985",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0985"
            },
            {
              "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "28433",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28433"
                },
                {
                  "name": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
                },
                {
                  "name": "http://www.videolan.org/security/sa0803.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0803.php"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "oval:org.mitre.oval:def:14841",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "29503",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29503"
                },
                {
                  "name": "ADV-2008-0985",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0985"
                },
                {
                  "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1489",
        "datePublished": "2008-03-25T00:00:00.000Z",
        "dateReserved": "2008-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6682 (GCVE-0-2007-6682)

    Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://securityreason.com/securityalert/3550 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/28233 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://www.exploit-db.com/exploits/5519 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/27015 vdb-entryx_refsource_BID
    http://osvdb.org/42208 vdb-entryx_refsource_OSVDB
    http://trac.videolan.org/vlc/changeset/23839 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/485488/30/… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    http://aluigi.altervista.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2007-12-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "3550",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3550"
              },
              {
                "name": "28233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28233"
              },
              {
                "name": "oval:org.mitre.oval:def:14790",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
              },
              {
                "name": "5519",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5519"
              },
              {
                "name": "27015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27015"
              },
              {
                "name": "42208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42208"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/changeset/23839"
              },
              {
                "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "3550",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3550"
            },
            {
              "name": "28233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28233"
            },
            {
              "name": "oval:org.mitre.oval:def:14790",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
            },
            {
              "name": "5519",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5519"
            },
            {
              "name": "27015",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27015"
            },
            {
              "name": "42208",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42208"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/changeset/23839"
            },
            {
              "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6682",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "3550",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3550"
                },
                {
                  "name": "28233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28233"
                },
                {
                  "name": "oval:org.mitre.oval:def:14790",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
                },
                {
                  "name": "5519",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5519"
                },
                {
                  "name": "27015",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27015"
                },
                {
                  "name": "42208",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42208"
                },
                {
                  "name": "http://trac.videolan.org/vlc/changeset/23839",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/changeset/23839"
                },
                {
                  "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6682",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6681 (GCVE-0-2007-6681)

    Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://securityreason.com/securityalert/3550 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5667 exploitx_refsource_EXPLOIT-DB
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.videolan.org/security/sa0801.php x_refsource_CONFIRM
    http://secunia.com/advisories/28233 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/27015 vdb-entryx_refsource_BID
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/archive/1/485488/30/… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/42207 vdb-entryx_refsource_OSVDB
    http://aluigi.altervista.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2006-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "3550",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3550"
              },
              {
                "name": "5667",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5667"
              },
              {
                "name": "oval:org.mitre.oval:def:14334",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0801.php"
              },
              {
                "name": "28233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28233"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "name": "27015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27015"
              },
              {
                "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "[vlc-devel] 20070626 subtitle processing overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
              },
              {
                "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "name": "42207",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42207"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "3550",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3550"
            },
            {
              "name": "5667",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5667"
            },
            {
              "name": "oval:org.mitre.oval:def:14334",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0801.php"
            },
            {
              "name": "28233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28233"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "name": "27015",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27015"
            },
            {
              "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "[vlc-devel] 20070626 subtitle processing overflows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
            },
            {
              "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "name": "42207",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42207"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6681",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "3550",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3550"
                },
                {
                  "name": "5667",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5667"
                },
                {
                  "name": "oval:org.mitre.oval:def:14334",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
                },
                {
                  "name": "http://www.videolan.org/security/sa0801.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0801.php"
                },
                {
                  "name": "28233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28233"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "27015",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27015"
                },
                {
                  "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "[vlc-devel] 20070626 subtitle processing overflows",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
                },
                {
                  "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "42207",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42207"
                },
                {
                  "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6681",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6683 (GCVE-0-2007-6683)

    Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/28712 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/42205 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://osvdb.org/42206 vdb-entryx_refsource_OSVDB
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    https://trac.videolan.org/vlc/ticket/1371 x_refsource_CONFIRM
    https://trac.videolan.org/vlc/changeset/23197 x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2007-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28712",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28712"
              },
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "42205",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42205"
              },
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "42206",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42206"
              },
              {
                "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
              },
              {
                "name": "oval:org.mitre.oval:def:14619",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.videolan.org/vlc/ticket/1371"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.videolan.org/vlc/changeset/23197"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28712",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28712"
            },
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "42205",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42205"
            },
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "42206",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42206"
            },
            {
              "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14619",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.videolan.org/vlc/ticket/1371"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.videolan.org/vlc/changeset/23197"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28712",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28712"
                },
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "42205",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42205"
                },
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "42206",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42206"
                },
                {
                  "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:14619",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "https://trac.videolan.org/vlc/ticket/1371",
                  "refsource": "CONFIRM",
                  "url": "https://trac.videolan.org/vlc/ticket/1371"
                },
                {
                  "name": "https://trac.videolan.org/vlc/changeset/23197",
                  "refsource": "CONFIRM",
                  "url": "https://trac.videolan.org/vlc/changeset/23197"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6683",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6684 (GCVE-0-2007-6684)

    Vulnerability from nvd – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    http://trac.videolan.org/vlc/changeset/22023 x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2007-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "oval:org.mitre.oval:def:14876",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
              },
              {
                "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/changeset/22023"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "oval:org.mitre.oval:def:14876",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
            },
            {
              "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/changeset/22023"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6684",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "oval:org.mitre.oval:def:14876",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
                },
                {
                  "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
                },
                {
                  "name": "http://trac.videolan.org/vlc/changeset/22023",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/changeset/22023"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6684",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8311 (GCVE-0-2017-8311)

    Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to execute arbitrary code.
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    https://www.exploit-db.com/exploits/44514/ exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/98634 vdb-entryx_refsource_BID
    http://git.videolan.org/?p=vlc.git%3Ba=commitdiff… x_refsource_CONFIRM
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: <2.2.5
    Create a notification for this product.
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:22.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "44514",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/44514/"
              },
              {
                "name": "98634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98634"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c2.2.5"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to execute arbitrary code.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-26T09:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "44514",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/44514/"
            },
            {
              "name": "98634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98634"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc.git%3Ba=commitdiff%3Bh=775de716add17322f24b476439f903a829446eb6"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to execute arbitrary code."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "44514",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/44514/"
                },
                {
                  "name": "98634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98634"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8311",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:22.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8313 (GCVE-0-2017-8313)

    Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/98633 vdb-entryx_refsource_BID
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=co… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: < 2.2.5
    Create a notification for this product.
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:22.885Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "98633",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98633"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.2.5"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service).",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "98633",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98633"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=05b653355ce303ada3b5e0e645ae717fea39186c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8313",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "98633",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98633"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8313",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:22.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8312 (GCVE-0-2017-8312)

    Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/98631 vdb-entryx_refsource_BID
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: All
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:22.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "98631",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98631"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "All"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation).",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "98631",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98631"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc.git%3Ba=blobdiff%3Bf=modules/demux/subtitle.c%3Bh=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3%3Bhp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974%3Bhb=611398fc8d32f3fe4331f60b220c52ba3557beaa%3Bhpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "98631",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98631"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8312",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:22.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8310 (GCVE-0-2017-8310)

    Vulnerability from cvelistv5 – Published: 2017-05-23 21:00 – Updated: 2024-08-05 16:34
    VLAI
    Summary
    Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
    Severity
    No CVSS data available.
    CWE
    • Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201707-10 vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/98638 vdb-entryx_refsource_BID
    http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=bl… x_refsource_CONFIRM
    http://www.debian.org/security/2017/dsa-3899 vendor-advisoryx_refsource_DEBIAN
    Impacted products
    Vendor Product Version
    VideoLAN VLC Affected: 2.2.*
    Create a notification for this product.
    Date Public
    2017-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:21.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201707-10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201707-10"
              },
              {
                "name": "98638",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98638"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
              },
              {
                "name": "DSA-3899",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VLC",
              "vendor": "VideoLAN",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.*"
                }
              ]
            }
          ],
          "datePublic": "2017-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-03T18:57:01.000Z",
            "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
            "shortName": "checkpoint"
          },
          "references": [
            {
              "name": "GLSA-201707-10",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201707-10"
            },
            {
              "name": "98638",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98638"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=blobdiff%3Bf=modules/codec/subsdec.c%3Bh=addd8c71f30d53558fffd19059b374be45cf0f8e%3Bhp=1b4276e299a2a6668047231d29ac705ae93076ba%3Bhb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328%3Bhpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
            },
            {
              "name": "DSA-3899",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@checkpoint.com",
              "ID": "CVE-2017-8310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VLC",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.2.*"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "VideoLAN"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201707-10",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201707-10"
                },
                {
                  "name": "98638",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98638"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
                },
                {
                  "name": "DSA-3899",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "assignerShortName": "checkpoint",
        "cveId": "CVE-2017-8310",
        "datePublished": "2017-05-23T21:00:00.000Z",
        "dateReserved": "2017-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:34:21.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-6440 (GCVE-0-2014-6440)

    Vulnerability from cvelistv5 – Published: 2017-03-28 15:00 – Updated: 2024-08-06 12:17
    VLAI
    Summary
    VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T12:17:23.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
              },
              {
                "name": "72950",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72950"
              },
              {
                "name": "GLSA-201603-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201603-08"
              },
              {
                "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q1/751"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-03-28T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
            },
            {
              "name": "72950",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72950"
            },
            {
              "name": "GLSA-201603-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201603-08"
            },
            {
              "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q1/751"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-6440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.videolan.org/developers/vlc-branch/NEWS",
                  "refsource": "MISC",
                  "url": "http://www.videolan.org/developers/vlc-branch/NEWS"
                },
                {
                  "name": "72950",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72950"
                },
                {
                  "name": "GLSA-201603-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201603-08"
                },
                {
                  "name": "[oss-security] 20150304 CVE-2014-6440: Heap Overflow in VLC Transcode Module",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q1/751"
                },
                {
                  "name": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/",
                  "refsource": "MISC",
                  "url": "http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-6440",
        "datePublished": "2017-03-28T15:00:00.000Z",
        "dateReserved": "2014-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T12:17:23.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2147 (GCVE-0-2008-2147)

    Vulnerability from cvelistv5 – Published: 2008-05-12 20:00 – Updated: 2024-08-07 08:49
    VLAI
    Summary
    Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/31317 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh… x_refsource_CONFIRM
    http://trac.videolan.org/vlc/ticket/1578 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200807-13.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2008-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:49:58.575Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31317",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31317"
              },
              {
                "name": "vlc-searchpath-code-execution(42377)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/ticket/1578"
              },
              {
                "name": "GLSA-200807-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31317",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31317"
            },
            {
              "name": "vlc-searchpath-code-execution(42377)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/ticket/1578"
            },
            {
              "name": "GLSA-200807-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2147",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31317",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31317"
                },
                {
                  "name": "vlc-searchpath-code-execution(42377)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42377"
                },
                {
                  "name": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181",
                  "refsource": "CONFIRM",
                  "url": "http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181"
                },
                {
                  "name": "http://trac.videolan.org/vlc/ticket/1578",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/ticket/1578"
                },
                {
                  "name": "GLSA-200807-13",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2147",
        "datePublished": "2008-05-12T20:00:00.000Z",
        "dateReserved": "2008-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:49:58.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1768 (GCVE-0-2008-1768)

    Vulnerability from cvelistv5 – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
    VLAI
    Summary
    Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.videolan.org/security/sa0803.php x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28903 vdb-entryx_refsource_BID
    http://www.videolan.org/developers/vlc/NEWS x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29503 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0985 vdb-entryx_refsource_VUPEN
    Date Public
    2008-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:32:01.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0803.php"
              },
              {
                "name": "28903",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/developers/vlc/NEWS"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "oval:org.mitre.oval:def:14412",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "29503",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29503"
              },
              {
                "name": "ADV-2008-0985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0803.php"
            },
            {
              "name": "28903",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/developers/vlc/NEWS"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "oval:org.mitre.oval:def:14412",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "29503",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29503"
            },
            {
              "name": "ADV-2008-0985",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1768",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.videolan.org/security/sa0803.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0803.php"
                },
                {
                  "name": "28903",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28903"
                },
                {
                  "name": "http://www.videolan.org/developers/vlc/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/developers/vlc/NEWS"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "oval:org.mitre.oval:def:14412",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14412"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "29503",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29503"
                },
                {
                  "name": "ADV-2008-0985",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1768",
        "datePublished": "2008-04-24T18:00:00.000Z",
        "dateReserved": "2008-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:32:01.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1769 (GCVE-0-2008-1769)

    Vulnerability from cvelistv5 – Published: 2008-04-24 18:00 – Updated: 2024-08-07 08:32
    VLAI
    Summary
    VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-04-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:32:01.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0803.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/developers/vlc/NEWS"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "28904",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28904"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "oval:org.mitre.oval:def:14445",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
              },
              {
                "name": "29503",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29503"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
              },
              {
                "name": "ADV-2008-0985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0803.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit%3Bh=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/developers/vlc/NEWS"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "28904",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28904"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "oval:org.mitre.oval:def:14445",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
            },
            {
              "name": "29503",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29503"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
            },
            {
              "name": "ADV-2008-0985",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1769",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.videolan.org/security/sa0803.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0803.php"
                },
                {
                  "name": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98",
                  "refsource": "MISC",
                  "url": "http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98"
                },
                {
                  "name": "http://www.videolan.org/developers/vlc/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/developers/vlc/NEWS"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "28904",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28904"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "oval:org.mitre.oval:def:14445",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14445"
                },
                {
                  "name": "29503",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29503"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3",
                  "refsource": "MISC",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=214627#c3"
                },
                {
                  "name": "ADV-2008-0985",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1769",
        "datePublished": "2008-04-24T18:00:00.000Z",
        "dateReserved": "2008-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:32:01.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1881 (GCVE-0-2008-1881)

    Vulnerability from cvelistv5 – Published: 2008-04-17 23:00 – Updated: 2024-08-07 08:40
    VLAI
    Summary
    Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://aluigi.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.securityfocus.com/archive/1/489698 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/28233 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    http://www.securityfocus.com/bid/28274 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://www.exploit-db.com/exploits/5250 exploitx_refsource_EXPLOIT-DB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://aluigi.altervista.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.securityfocus.com/bid/28251 vdb-entryx_refsource_BID
    Date Public
    2008-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:40:59.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "vlc-parsessa-bo(41936)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "20080317 VLC highlander bug",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489698"
              },
              {
                "name": "28233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28233"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "28274",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28274"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "oval:org.mitre.oval:def:14872",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
              },
              {
                "name": "5250",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5250"
              },
              {
                "name": "vlcmediaplayer-subtitle-bo(41237)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "28251",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28251"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file.  NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "vlc-parsessa-bo(41936)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "20080317 VLC highlander bug",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489698"
            },
            {
              "name": "28233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28233"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "28274",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28274"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "oval:org.mitre.oval:def:14872",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
            },
            {
              "name": "5250",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5250"
            },
            {
              "name": "vlcmediaplayer-subtitle-bo(41237)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "28251",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28251"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1881",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file.  NOTE: this issue is due to an incomplete fix for CVE-2007-6681."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "vlc-parsessa-bo(41936)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41936"
                },
                {
                  "name": "http://aluigi.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "20080317 VLC highlander bug",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489698"
                },
                {
                  "name": "28233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28233"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "28274",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28274"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "oval:org.mitre.oval:def:14872",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14872"
                },
                {
                  "name": "5250",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5250"
                },
                {
                  "name": "vlcmediaplayer-subtitle-bo(41237)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41237"
                },
                {
                  "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "28251",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28251"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1881",
        "datePublished": "2008-04-17T23:00:00.000Z",
        "dateReserved": "2008-04-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:40:59.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1489 (GCVE-0-2008-1489)

    Vulnerability from cvelistv5 – Published: 2008-03-25 00:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/28433 vdb-entryx_refsource_BID
    http://trac.videolan.org/vlc/changeset/09572892df… x_refsource_CONFIRM
    http://www.videolan.org/security/sa0803.php x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/29503 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0985 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2008-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "28433",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28433"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0803.php"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "oval:org.mitre.oval:def:14841",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "name": "29503",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29503"
              },
              {
                "name": "ADV-2008-0985",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0985"
              },
              {
                "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "28433",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28433"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0803.php"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "oval:org.mitre.oval:def:14841",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "name": "29503",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29503"
            },
            {
              "name": "ADV-2008-0985",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0985"
            },
            {
              "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1489",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "28433",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28433"
                },
                {
                  "name": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a"
                },
                {
                  "name": "http://www.videolan.org/security/sa0803.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0803.php"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "oval:org.mitre.oval:def:14841",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14841"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "29503",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29503"
                },
                {
                  "name": "ADV-2008-0985",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0985"
                },
                {
                  "name": "vlcmediaplayer-mp4readbox-rdrf-bo(41412)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41412"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1489",
        "datePublished": "2008-03-25T00:00:00.000Z",
        "dateReserved": "2008-03-24T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6682 (GCVE-0-2007-6682)

    Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://securityreason.com/securityalert/3550 third-party-advisoryx_refsource_SREASON
    http://secunia.com/advisories/28233 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://www.exploit-db.com/exploits/5519 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/27015 vdb-entryx_refsource_BID
    http://osvdb.org/42208 vdb-entryx_refsource_OSVDB
    http://trac.videolan.org/vlc/changeset/23839 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/485488/30/… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    http://aluigi.altervista.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2007-12-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "3550",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3550"
              },
              {
                "name": "28233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28233"
              },
              {
                "name": "oval:org.mitre.oval:def:14790",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
              },
              {
                "name": "5519",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5519"
              },
              {
                "name": "27015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27015"
              },
              {
                "name": "42208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42208"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/changeset/23839"
              },
              {
                "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "3550",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3550"
            },
            {
              "name": "28233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28233"
            },
            {
              "name": "oval:org.mitre.oval:def:14790",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
            },
            {
              "name": "5519",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5519"
            },
            {
              "name": "27015",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27015"
            },
            {
              "name": "42208",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42208"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/changeset/23839"
            },
            {
              "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6682",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "3550",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3550"
                },
                {
                  "name": "28233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28233"
                },
                {
                  "name": "oval:org.mitre.oval:def:14790",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14790"
                },
                {
                  "name": "5519",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5519"
                },
                {
                  "name": "27015",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27015"
                },
                {
                  "name": "42208",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42208"
                },
                {
                  "name": "http://trac.videolan.org/vlc/changeset/23839",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/changeset/23839"
                },
                {
                  "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6682",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6681 (GCVE-0-2007-6681)

    Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://securityreason.com/securityalert/3550 third-party-advisoryx_refsource_SREASON
    https://www.exploit-db.com/exploits/5667 exploitx_refsource_EXPLOIT-DB
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.videolan.org/security/sa0801.php x_refsource_CONFIRM
    http://secunia.com/advisories/28233 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200804-25.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/27015 vdb-entryx_refsource_BID
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    http://wiki.videolan.org/Changelog/0.8.6f x_refsource_CONFIRM
    http://secunia.com/advisories/29800 third-party-advisoryx_refsource_SECUNIA
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    http://www.securityfocus.com/archive/1/485488/30/… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/42207 vdb-entryx_refsource_OSVDB
    http://aluigi.altervista.org/adv/vlcboffs-adv.txt x_refsource_MISC
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2006-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.564Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "3550",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3550"
              },
              {
                "name": "5667",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/5667"
              },
              {
                "name": "oval:org.mitre.oval:def:14334",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.videolan.org/security/sa0801.php"
              },
              {
                "name": "28233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28233"
              },
              {
                "name": "GLSA-200804-25",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
              },
              {
                "name": "27015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27015"
              },
              {
                "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.videolan.org/Changelog/0.8.6f"
              },
              {
                "name": "29800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29800"
              },
              {
                "name": "[vlc-devel] 20070626 subtitle processing overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
              },
              {
                "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "name": "42207",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42207"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "3550",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3550"
            },
            {
              "name": "5667",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/5667"
            },
            {
              "name": "oval:org.mitre.oval:def:14334",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.videolan.org/security/sa0801.php"
            },
            {
              "name": "28233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28233"
            },
            {
              "name": "GLSA-200804-25",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
            },
            {
              "name": "27015",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27015"
            },
            {
              "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.videolan.org/Changelog/0.8.6f"
            },
            {
              "name": "29800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29800"
            },
            {
              "name": "[vlc-devel] 20070626 subtitle processing overflows",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
            },
            {
              "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "name": "42207",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42207"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6681",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "3550",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3550"
                },
                {
                  "name": "5667",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/5667"
                },
                {
                  "name": "oval:org.mitre.oval:def:14334",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14334"
                },
                {
                  "name": "http://www.videolan.org/security/sa0801.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.videolan.org/security/sa0801.php"
                },
                {
                  "name": "28233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28233"
                },
                {
                  "name": "GLSA-200804-25",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200804-25.xml"
                },
                {
                  "name": "27015",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27015"
                },
                {
                  "name": "[vlc-devel] 20070630 vlc: svn commit r20715 (fenrir)",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html"
                },
                {
                  "name": "http://wiki.videolan.org/Changelog/0.8.6f",
                  "refsource": "CONFIRM",
                  "url": "http://wiki.videolan.org/Changelog/0.8.6f"
                },
                {
                  "name": "29800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29800"
                },
                {
                  "name": "[vlc-devel] 20070626 subtitle processing overflows",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html"
                },
                {
                  "name": "20071224 Buffer-overflow and format string in VideoLAN VLC 0.8.6d",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/485488/30/0/threaded"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "42207",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42207"
                },
                {
                  "name": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt",
                  "refsource": "MISC",
                  "url": "http://aluigi.altervista.org/adv/vlcboffs-adv.txt"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6681",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.564Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6683 (GCVE-0-2007-6683)

    Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/28712 vdb-entryx_refsource_BID
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/42205 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2008/dsa-1543 vendor-advisoryx_refsource_DEBIAN
    http://osvdb.org/42206 vdb-entryx_refsource_OSVDB
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/29766 third-party-advisoryx_refsource_SECUNIA
    https://trac.videolan.org/vlc/ticket/1371 x_refsource_CONFIRM
    https://trac.videolan.org/vlc/changeset/23197 x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2007-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28712",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28712"
              },
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "42205",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42205"
              },
              {
                "name": "DSA-1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2008/dsa-1543"
              },
              {
                "name": "42206",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42206"
              },
              {
                "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
              },
              {
                "name": "oval:org.mitre.oval:def:14619",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
              },
              {
                "name": "29766",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29766"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.videolan.org/vlc/ticket/1371"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.videolan.org/vlc/changeset/23197"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28712",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28712"
            },
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "42205",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42205"
            },
            {
              "name": "DSA-1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1543"
            },
            {
              "name": "42206",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42206"
            },
            {
              "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14619",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
            },
            {
              "name": "29766",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29766"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.videolan.org/vlc/ticket/1371"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.videolan.org/vlc/changeset/23197"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28712",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28712"
                },
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "42205",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42205"
                },
                {
                  "name": "DSA-1543",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2008/dsa-1543"
                },
                {
                  "name": "42206",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42206"
                },
                {
                  "name": "[vlc-devel] 20071226 Regarding \"obscure\" security problem",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:14619",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14619"
                },
                {
                  "name": "29766",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29766"
                },
                {
                  "name": "https://trac.videolan.org/vlc/ticket/1371",
                  "refsource": "CONFIRM",
                  "url": "https://trac.videolan.org/vlc/ticket/1371"
                },
                {
                  "name": "https://trac.videolan.org/vlc/changeset/23197",
                  "refsource": "CONFIRM",
                  "url": "https://trac.videolan.org/vlc/changeset/23197"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6683",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6684 (GCVE-0-2007-6684)

    Vulnerability from cvelistv5 – Published: 2008-01-17 00:00 – Updated: 2024-08-07 16:18
    VLAI
    Summary
    The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29284 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://mailman.videolan.org/pipermail/vlc-devel/2… mailing-listx_refsource_MLIST
    http://trac.videolan.org/vlc/changeset/22023 x_refsource_CONFIRM
    http://www.gentoo.org/security/en/glsa/glsa-20080… vendor-advisoryx_refsource_GENTOO
    Date Public
    2007-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:18:20.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29284",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29284"
              },
              {
                "name": "oval:org.mitre.oval:def:14876",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
              },
              {
                "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.videolan.org/vlc/changeset/22023"
              },
              {
                "name": "GLSA-200803-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29284",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29284"
            },
            {
              "name": "oval:org.mitre.oval:def:14876",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
            },
            {
              "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.videolan.org/vlc/changeset/22023"
            },
            {
              "name": "GLSA-200803-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6684",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29284",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29284"
                },
                {
                  "name": "oval:org.mitre.oval:def:14876",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14876"
                },
                {
                  "name": "[vlc-devel] 20070915 vlc: svn commit r22023 (courmisch)",
                  "refsource": "MLIST",
                  "url": "http://mailman.videolan.org/pipermail/vlc-devel/2007-September/034722.html"
                },
                {
                  "name": "http://trac.videolan.org/vlc/changeset/22023",
                  "refsource": "CONFIRM",
                  "url": "http://trac.videolan.org/vlc/changeset/22023"
                },
                {
                  "name": "GLSA-200803-13",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6684",
        "datePublished": "2008-01-17T00:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:18:20.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }