VideoLAN VLC vulnerabilities
14 known vulnerabilities affecting videolan/vlc.
Total CVEs: 14
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 10
Vulnerabilities
CVE-2017-8311 | HIGH | CVSS 7.8 | CWE-119 | PoC | v<2.2.5 | 2017-05-23
Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Sources: cvelistv5, nvd
CVE-2017-8312 | MEDIUM | CVSS 5.5 | CWE-125 | vAll | 2017-05-23
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read uninitialized heap data via a crafted subtitles file.
Sources: cvelistv5, nvd
CVE-2017-8313 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 2.2.5 | 2017-05-23
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
Sources: cvelistv5, nvd
CVE-2017-8310 | MEDIUM | CVSS 5.5 | CWE-125 | v2.2.* | 2017-05-23
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Sources: cvelistv5, nvd
CVE-2014-6440 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 2.1.4 | 2017-03-28
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
Source: nvd
CVE-2008-2147 | MEDIUM | CVSS 4.6 | CWE-264 | ≤ 0.8.6, v0.4.6, +22 more | 2008-05-12
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Source: nvd
CVE-2008-1769 | MEDIUM | CVSS 6.8 | CWE-399 | PoC | v0.1.99, v0.1.99a, +58 more | 2008-04-25
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
Source: nvd
CVE-2008-1768 | MEDIUM | CVSS 6.8 | CWE-119 | v0.1.99, v0.1.99a, +58 more | 2008-04-25
Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
Source: nvd
CVE-2008-1881 | MEDIUM | CVSS 6.8 | PoC | v0.8.6e | 2008-04-17
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
Source: nvd
CVE-2008-1489 | MEDIUM | CVSS 6.8 | PoC | v0.8.6e | 2008-03-25
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Source: nvd
CVE-2007-6682 | HIGH | CVSS 7.5 | PoC | ≤ 0.8.6d | 2008-01-17
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Source: nvd
CVE-2007-6681 | HIGH | CVSS 7.5 | CWE-119 | PoC | ≤ 0.8.6d | 2008-01-17
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Source: nvd
CVE-2007-6684 | MEDIUM | CVSS 5.0 | CWE-20 | v0.8.6d | 2008-01-17
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
Source: nvd
CVE-2007-6683 | MEDIUM | CVSS 5.0 | v0.8.6d | 2008-01-17
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Source: nvd