Debian Vlc vulnerabilities
141 known vulnerabilities affecting debian/vlc.
Total CVEs: 141
CISA KEV: 0
Public exploits: 41
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 44, MEDIUM 41, LOW 42
Vulnerabilities
Page 4 of 8
CVE-2013-1868 | CRITICAL | CVSS 9.3 | PoC | fixed in vlc 2.0.5-1 (bookworm) | 2013
CVE-2013-1868 [CRITICAL]: vlc
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
Scope: local
bookworm: resolved (fixed in 2.0.5-1)
bullseye: resolved (fixed in 2.0.5-1)
forky: resolved (fixed in 2.0.5-1)
sid: re
CVE-2013-3564 | MEDIUM | CVSS 5.3 | fixed in vlc 2.0.7-1 (bookworm) | 2013
CVE-2013-3564 [MEDIUM]: vlc
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
Scope: local
bookworm: resolved (fixed in 2.0.7-1)
bullseye: resolved (fixed in 2.0.7-1)
forky: resolved (fixed in 2.0.7-1)
sid: resolved (fixed in 2.0.7-1)
trixie
CVE-2013-4388 | MEDIUM | CVSS 6.8 | fixed in vlc 2.1.0-1 (bookworm) | 2013
CVE-2013-4388 [MEDIUM]: vlc
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 2.1.0-1)
bullseye: resolved (fixed in 2.1.0-1)
forky: resolved (fixed in 2.1.0-1)
sid: resolv
CVE-2013-1954 | MEDIUM | CVSS 6.8 | fixed in vlc 2.0.6-1 (bookworm) | 2013
CVE-2013-1954 [MEDIUM]: vlc
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
s
CVE-2013-6934 | LOW | CVSS 7.5 | 2013
CVE-2013-6934 [HIGH]: mplayer
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vul
CVE-2013-6933 | LOW | CVSS 7.5 | fixed in mplayer 2:1.1.1+svn37434-1 (bookworm) | 2013
CVE-2013-6933 [HIGH]: mplayer
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, a
CVE-2013-3565 | LOW | CVSS 6.1 | fixed in vlc 2.0.7-1 (bookworm) | 2013
CVE-2013-3565 [MEDIUM]: vlc
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
S
CVE-2013-3245 | LOW | CVSS 6.3 | fixed in vlc 2.0.7-1 (bookworm) | 2013
CVE-2013-3245 [MEDIUM]: vlc
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the sever
CVE-2013-6283 | LOW | CVSS 7.5 | PoC | fixed in vlc 2.1.0-2 (bookworm) | 2013
CVE-2013-6283 [HIGH]: vlc
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
Scope: local
bookworm: resolved (fixed in 2.1.0-2)
bullseye: resolved (fixed in 2.1.0-2)
forky: resolved (fixed in 2.1.0-2)
sid: resolved (fixed in 2.1.0-2)
trixie: resolved (fixed in 2.1.0-2
CVE-2013-7340 | LOW | CVSS 4.3 | fixed in vlc 2.2.0~rc2-1 (bookworm) | 2013
CVE-2013-7340 [MEDIUM]: vlc
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
Scope: local
bookworm: resolved (fixed in 2.2.0~rc2-1)
bullseye: resolved (fixed in 2.2.0~rc2-1)
forky: resolved (fixed in 2.2.0~rc2-1)
sid: resolved (fixed in 2.2.0~rc2-1)
trixie: resolved (fixed in 2.2.0~rc2-1)
CVE-2012-0023 | CRITICAL | CVSS 9.3 | fixed in vlc 1.1.13-1 (bookworm) | 2012
CVE-2012-0023 [CRITICAL]: vlc
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
Scope: local
bookworm: resolved (fixed in 1.1.13-1)
bullseye: resolved (fixed in 1.1.13-1)
forky: resolved (fixe
CVE-2012-3377 | MEDIUM | CVSS 6.8 | fixed in vlc 2.0.2-1 (bookworm) | 2012
CVE-2012-3377 [MEDIUM]: vlc
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
Scope: local
bookworm: resolved (fixed in 2.0.2-1)
bullseye: resolved (fixed in 2.0.2-1)
forky:
CVE-2012-5470 | MEDIUM | CVSS 4.3 | PoC | fixed in vlc 2.0.4-1 (bookworm) | 2012
CVE-2012-5470 [MEDIUM]: vlc
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
Scope: local
bookworm: resolved (fixed in 2.0.4-1)
bullseye: resolved (fixed in 2.0.4-1)
forky: resolved (fixed in 2.0.4-1)
sid: resolved (fixed in 2.0.4-1)
trixie: resolved (fixed in 2.0.4-1)
CVE-2012-0904 | LOW | CVSS 4.3 | PoC | 2012
CVE-2012-0904 [MEDIUM]: vlc
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2012-2396 | LOW | CVSS 4.3 | PoC | fixed in taglib 1.7.2-1 (bookworm) | 2012
CVE-2012-2396 [MEDIUM]: taglib
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
Scope: local
bookworm: resolved (fixed in 1.7.2-1)
bullseye: resolved (fixed in 1.7.2-1)
forky: resolved (fixed in 1.7.2-1)
sid: resolved (fixed in 1.7.2-1)
trixie: resolved (fixed in 1.7.2-1)
CVE-2012-5855 | LOW | CVSS 4.3 | 2012
CVE-2012-5855 [MEDIUM]: vlc
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user
CVE-2012-1776 | LOW | CVSS 9.3 | fixed in vlc 2.0.1-1 (bookworm) | 2012
CVE-2012-1776 [CRITICAL]: vlc
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
Scope: local
bookworm: resolved (fixed in 2.0.1-1)
bullseye: resolved (fixed in 2.0.1-1)
forky: resolved (fixed in 2.0.1-1)
sid: resolved (fixed in 2.0.
CVE-2012-1775 | LOW | CVSS 9.3 | PoC | fixed in vlc 2.0.1-1 (bookworm) | 2012
CVE-2012-1775 [CRITICAL]: vlc
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
Scope: local
bookworm: resolved (fixed in 2.0.1-1)
bullseye: resolved (fixed in 2.0.1-1)
forky: resolved (fixed in 2.0.1-1)
sid: resolved (fixed in 2.0.1-1)
trixie: resolved (fixed in 2.0.1-1)
CVE-2011-2194 | CRITICAL | CVSS 9.3 | PoC | fixed in vlc 1.1.10-1 (bookworm) | 2011
CVE-2011-2194 [CRITICAL]: vlc
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.1.10-1)
bullseye: resolved (fixed in 1.1.10-1)
forky: resolved (fixe
CVE-2011-0021 | CRITICAL | CVSS 9.3 | fixed in vlc 1.1.3-1squeeze2 (bookworm) | 2011
CVE-2011-0021 [CRITICAL]: vlc
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
Scope: local
bookworm: resolved (fixed in 1.1.3-1squeeze2)
bullseye: resolved (fixed in 1.1.3-1squeeze2)
forky: resolved (fixed in