Summary
| Detail | |||
|---|---|---|---|
| Vendor | Videolan | First view | 2008-01-16 |
| Product | Vlc | Last view | 2017-03-28 |
| Version | 0.4.3_ac3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:videolan:vlc | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2017-03-28 | CVE-2014-6440 | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. |
| 4.6 | 2008-05-12 | CVE-2008-2147 | Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. |
| 6.8 | 2008-04-25 | CVE-2008-1769 | VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. |
| 6.8 | 2008-04-25 | CVE-2008-1768 | Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. |
| 7.5 | 2008-01-16 | CVE-2007-6682 | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. |
| 7.5 | 2008-01-16 | CVE-2007-6681 | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 60% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20% (1) | CWE-399 | Resource Management Errors |
| 20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 45187 | VLC modules / plugins Subdirectory Search Path Subversion Local Privilege Esc... |
| 44718 | VLC Cinepak Codec Remote Overflow DoS |
| 44717 | VLC MP4 Demuxer Remote Overflow DoS |
| 44716 | VLC Real Demuxer Remote Overflow DoS |
| 44578 | VLC Crafted Cinepak File Memory Corruption DoS |
| 42208 | VLC Media Player network/httpd.c httpd_FileCallBack Function Connection Param... |
| 42207 | VLC Media Player modules/demux/subtitle.c Multiple File Format subtitle Handl... |
ExploitDB Exploits
| id | Description |
|---|---|
| 5667 | VLC 0.8.6d SSA Parsing Double Sh311 Universal Exploit |
| 5519 | VLC 0.8.6d - httpd_FileCallBack Remote Format String Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-06-23 | Name : Debian Security Advisory DSA 1819-1 (vlc) File : nvt/deb_1819_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-13 (vlc) File : nvt/glsa_200803_13.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-25 (vlc) File : nvt/glsa_200804_25.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-13 (vlc) File : nvt/glsa_200807_13.nasl |
| 2008-04-21 | Name : Debian Security Advisory DSA 1543-1 (vlc) File : nvt/deb_1543_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | VideoLAN vlc player subtitle buffer overflow attempt RuleID : 18744 - Type : FILE-MULTIMEDIA - Revision : 9 |
| 2014-01-10 | VLC player web interface format string attack RuleID : 18743 - Type : SERVER-WEBAPP - Revision : 8 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-14 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201603-08.nasl - Type: ACT_GATHER_INFO |
| 2014-10-22 | Name: The remote Windows host contains a media player that is affected by multiple ... File: vlc_2_1_5.nasl - Type: ACT_GATHER_INFO |
| 2009-06-19 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1819.nasl - Type: ACT_GATHER_INFO |
| 2008-08-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200807-13.nasl - Type: ACT_GATHER_INFO |
| 2008-04-25 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200804-25.nasl - Type: ACT_GATHER_INFO |
| 2008-04-17 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1543.nasl - Type: ACT_GATHER_INFO |
| 2008-04-11 | Name: The remote Windows host contains a media player that is affected by several v... File: vlc_0_8_6f.nasl - Type: ACT_GATHER_INFO |
| 2008-03-21 | Name: The remote VLC web server is affected by a format string vulnerability. File: vlc_0_8_6d_format_string.nasl - Type: ACT_DENIAL |
| 2008-03-13 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200803-13.nasl - Type: ACT_GATHER_INFO |
