VideoLAN VLC Media Player vulnerabilities

135 known vulnerabilities affecting videolan/vlc_media_player.

Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44

Vulnerabilities

Page 4 of 7
CVE-2015-5949 | MEDIUM | CVSS 6.8 | ≤ 2.2.1 | 2015-08-25
CWE-119: VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
Sources: nvd, osv
CVE-2014-9743 | MEDIUM | CVSS 4.3 | ≤ 2.1.6 | 2015-08-17
CWE-79: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Sources: nvd, osv
CVE-2014-9597 | MEDIUM | CVSS 6.8 | PoC | v2.1.5 | 2015-01-21
CWE-20: The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.
Sources: nvd, osv
CVE-2014-9598 | MEDIUM | CVSS 6.8 | PoC | v2.1.5 | 2015-01-21
CWE-20: The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
Sources: nvd
CVE-2010-1444 | HIGH | CVSS 7.5 | ≤ 1.0.5 | v0.5.0 +42 more | 2014-12-26
CWE-119: The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
Sources: nvd, osv
CVE-2011-3623 | HIGH | CVSS 7.5 | ≤ 1.0.1 | v0.5.0 +38 more | 2014-12-26
CWE-119: Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP
Sources: nvd, osv
CVE-2010-2062 | HIGH | CVSS 7.5 | ≤ 1.0.0 | v0.5.0 +37 more | 2014-12-26
CWE-189: Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
Sources: nvd, osv
CVE-2010-1442 | HIGH | CVSS 7.5 | ≤ 1.0.5 | v0.5.0 +42 more | 2014-12-26
CWE-119: VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
Sources: nvd, osv
CVE-2010-1445 | HIGH | CVSS 7.5 | ≤ 1.0.5 | v0.5.0 +42 more | 2014-12-26
CWE-119: Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
Sources: nvd, osv
CVE-2010-1441 | HIGH | CVSS 7.5 | ≤ 1.0.5 | v0.5.0 +42 more | 2014-12-26
CWE-119: Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
Sources: nvd, osv
CVE-2010-1443 | MEDIUM | CVSS 5.0 | ≤ 1.0.5 | v0.5.0 +42 more | 2014-12-26
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
Sources: nvd, osv
CVE-2014-3441 | MEDIUM | CVSS 4.3 | PoC | v2.1.3 | 2014-05-14
CWE-119: codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
Sources: nvd
CVE-2013-7340 | MEDIUM | CVSS 4.3 | ≤ 2.0.6 | v0.1.99a +103 more | 2014-03-21
CWE-399: VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
Sources: nvd, osv
CVE-2014-1684 | MEDIUM | CVSS 4.3 | PoC | ≤ 2.1.2 | v1.0.0 +35 more | 2014-03-03
CWE-189: The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
Sources: nvd, osv
CVE-2013-6933 | HIGH | CVSS 7.5 | ≥ 0, < 2.1.4-1 | 2014-01-23
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer ov
Sources: osv
CVE-2013-6934 | HIGH | CVSS 7.5 | fixed in 2.1.0 | 2014-01-23
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: th
Sources: nvd
CVE-2013-6283 | HIGH | CVSS 7.5 | PoC | ≤ 2.0.8 | v1.0.0 +31 more | 2013-10-25
CWE-20: VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
Sources: nvd, osv
CVE-2013-4388 | MEDIUM | CVSS 6.8 | ≤ 2.0.7 | v2.0.0 +6 more | 2013-10-11
CWE-119: Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Sources: nvd, osv
CVE-2013-1868 | CRITICAL | CVSS 9.3 | PoC | ≤ 2.0.4 | v2.0.0 +3 more | 2013-07-10
CWE-119: Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
Sources: nvd, osv
CVE-2012-5855 | MEDIUM | CVSS 4.3 | ≤ 2.0.4 | v2.0.0 +3 more | 2013-07-10
CWE-189: The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exp
Sources: nvd