Debian Vlc vulnerabilities
141 known vulnerabilities affecting debian/vlc.
Total CVEs: 141
CISA KEV: 0
Public exploits: 41
Exploited in wild: 0
Severity breakdown: CRITICAL 14 | HIGH 44 | MEDIUM 41 | LOW 42
Vulnerabilities
Page 6 of 8
CVE-2009-2484 | LOW | CVSS 9.3 | PoC | 2009
CVE-2009-2484 [CRITICAL] CVE-2009-2484: vlc - Stack-based buffer overflow in the Win32AddConnection function in modules/access...
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolv
debian
CVE-2009-1045 | LOW | CVSS 5.0 | PoC | fixed in vlc 0.9.9a-1 (bookworm) | 2009
CVE-2009-1045 [MEDIUM] CVE-2009-1045: vlc - requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of s...
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
Scope: local
bookworm: resolved (fixed in 0.9.9a-1)
bullseye: resolved (fixed in 0.9.9a-1)
forky: resolved (fixed in 0.9.9a-1)
sid: resolved (fixed in 0.9.9a-1)
trixie: resolved (fixed in 0.9.9a-1)
debian
CVE-2009-0698 | LOW | CVSS 9.3 | 2009
CVE-2009-0698 [CRITICAL] CVE-2009-0698: vlc - Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 ...
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2008-3732 | CRITICAL | CVSS 9.3 | PoC | fixed in vlc 0.8.6.h-2 (bookworm) | 2008
CVE-2008-3732 [CRITICAL] CVE-2008-3732: vlc - Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player...
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (f
debian
CVE-2008-0295 | MEDIUM | CVSS 8.5 | PoC | fixed in vlc 0.8.6.c-6 (bookworm) | 2008
CVE-2008-0295 [HIGH] CVE-2008-0295: vlc - Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine lib...
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
Scope: local
bookworm: resolved (fixed in 0.8.6.c-6)
bullseye: resolved (fixed i
debian
CVE-2008-0984 | MEDIUM | CVSS 9.3 | PoC | fixed in vlc 0.8.6.e-1 (bookworm) | 2008
CVE-2008-0984 [CRITICAL] CVE-2008-0984: vlc - The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro...
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-1)
bullseye: resolved (fixed in 0.8.6.e-1)
forky: resolved (fixed in 0.8.6.e-1)
sid: resolved (fixed in 0.8.
debian
CVE-2008-3794 | MEDIUM | CVSS 6.8 | PoC | fixed in vlc 0.8.6.h-4 (bookworm) | 2008
CVE-2008-3794 [MEDIUM] CVE-2008-3794: vlc - Integer signedness error in the mms_ReceiveCommand function in modules/access/mm...
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.8.6.h-
debian
CVE-2008-4558 | MEDIUM | CVSS 6.8 | PoC | fixed in vlc 0.9.3-1 (bookworm) | 2008
CVE-2008-4558 [MEDIUM] CVE-2008-4558: vlc - Array index error in VLC media player 0.9.2 allows remote attackers to overwrite...
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
Scope: local
bookworm: resolved (fixed in 0.9.3-1)
bullseye: resolved (fixed in 0.9.3-1)
forky: resolved (fixed in 0.9.3-1)
sid: resolved (fixed in 0.9.3-1
debian
CVE-2008-5032 | MEDIUM | CVSS 9.3 | PoC | fixed in vlc 0.8.6.h-5 (bookworm) | 2008
CVE-2008-5032 [CRITICAL] CVE-2008-5032: vlc - Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 mig...
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.
Scop
debian
CVE-2008-1489 | MEDIUM | CVSS 9.3 | PoC | fixed in vlc 0.8.6.e-1.1 (bookworm) | 2008
CVE-2008-1489 [CRITICAL] CVE-2008-1489: vlc - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e all...
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-1.1)
bullseye: resolved (fixe
debian
CVE-2008-4686 | MEDIUM | CVSS 9.3 | PoC | fixed in vlc 0.8.6.h-4.1 (bookworm) | 2008
CVE-2008-4686 [CRITICAL] CVE-2008-4686: vlc - Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer)...
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Scope: local
bookworm: resolved (fixed in 0.8.6.h-4.1)
bullseye: resolved (fixed in 0.8.6.h-4.1)
forky: resolved (fixe
debian
CVE-2008-0296 | MEDIUM | CVSS 10.0 | PoC | fixed in vlc 0.8.6.c-6 (bookworm) | 2008
CVE-2008-0296 [CRITICAL] CVE-2008-0296: vlc - Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Medi...
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
Scope: local
bookworm: resolved (fixed in 0.8.6.c-6)
bullseye: resolved (fixed in 0.8.6.c-6)
forky: resolved (fixed in 0.8.6.
debian
CVE-2008-2430 | MEDIUM | CVSS 9.3 | fixed in vlc 0.8.6.h-1 (bookworm) | 2008
CVE-2008-2430 [CRITICAL] CVE-2008-2430: vlc - Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player...
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
Scope: local
bookworm: resolved (fixed in 0.8.6.h-1)
bullseye: resolved (fixed in 0.8.6.h-1)
forky: resolved (fixed in 0.8.6.h-1)
sid: resolved (fixed in 0.8.6.h-1)
trixie: resolved (f
debian
CVE-2008-1768 | MEDIUM | CVSS 6.8 | fixed in vlc 0.8.6.e-2.1 (bookworm) | 2008
CVE-2008-1768 [MEDIUM] CVE-2008-1768: vlc - Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause ...
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-2.1)
bullseye: resolved (fixed in 0.8.6.e-2.1)
forky: resolved (fixed in 0.8.6.e-2.1)
sid: resolved (fixed in 0.8.
debian
CVE-2008-0073 | MEDIUM | CVSS 6.8 | PoC | fixed in vlc 0.8.6.e-2 (bookworm) | 2008
CVE-2008-0073 [MEDIUM] CVE-2008-0073: vlc - Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xi...
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-2)
bullseye: resolved (fixed in 0.8.6.e-2)
forky: resolved (fixed in 0.8.6.e-2)
sid: resolved (fixed in 0.8.6.e-2)
trixie: resolved (fixe
debian
CVE-2008-1881 | MEDIUM | CVSS 7.5 | PoC | fixed in vlc 0.8.6.e-2.1 (bookworm) | 2008
CVE-2008-1881 [HIGH] CVE-2008-1881: vlc - Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) ...
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
Scope: local
bookworm: resolved (fixed in 0.8.6.e-2.1)
bullseye: resolved (fixed in 0.8.6.e-2.1)
forky: resolved (fixed in 0.8.6.e
debian
CVE-2008-5036 | LOW | CVSS 9.3 | PoC | fixed in vlc 1.0.3-1 (bookworm) | 2008
CVE-2008-5036 [CRITICAL] CVE-2008-5036: vlc - Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 migh...
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Scope: local
bookworm: resolved (fixed in 1.0.3-1)
bullseye
debian
CVE-2008-5233 | LOW | CVSS 4.3 | 2008
CVE-2008-5233 [MEDIUM] CVE-2008-5233: vlc - xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of...
xine-lib 1.1.12, and other versions before 1.1.15, does not check for failure of malloc in circumstances including (1) the mymng_process_header function in demux_mng.c, (2) the open_mod_file function in demux_mod.c, and (3) frame_buffer allocation in the real_parse_audio_specific_data function in demux_real.c, which allows remote attackers to cause a denial of service (
debian
CVE-2008-5246 | LOW | CVSS 9.3 | 2008
CVE-2008-5246 [CRITICAL] CVE-2008-5246: vlc - Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote atta...
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Scope: local
bookwor
debian
CVE-2008-5235 | LOW | CVSS 9.3 | 2008
CVE-2008-5235 [CRITICAL] CVE-2008-5235: vlc - Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers...
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian