The VLC media player contains a stack overflow vulnerability while parsing malformed TiVo ty media files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions 0.9.4 and below are affected.
3d082ad5cd82a028089e95d1402f60f67f5c3ffebc9cd1673006a937b81a57a7
Debian Linux Security Advisory 5707-1 - A buffer overflow was discovered in the MMS module of the VLC media player.
553c64480f66e1d6da6a0dbd03a9bb0004a704108cfb14edfd9dd82463652b90
Debian Linux Security Advisory 5545-1 - An out-of-bounds write was discovered in the MMS demuxer of the VLC media player.
010ec5f0cca9495963605bbb7a4b2141eb9631d1e783564351dc2b0eb76930fc
Debian Linux Security Advisory 5297-1 - A buffer overflow was discovered in the VNC module of the VLC media player, which could result in the execution of arbitrary code.
1932c3f067fe022922016500edfcf5a3b134777fbe512aa901a245195dd1b232
Debian Linux Security Advisory 5165-1 - Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file is opened.
acbe2827ba78d8ac9d9f7d5e78354bc5989b137fc1096e6ef06d2674d2193273
Debian Linux Security Advisory 4834-1 - Multiple vulnerabilities were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed media file is opened.
544bd3fed5024bcefffcb2650cfc527c9dd86b0bc5d1dfb373dfa244f6ba1f62
Debian Linux Security Advisory 4704-1 - A vulnerability was discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed video file is opened.
2a557cfcf78c7acd2ec602d5b2e752157487b49f0ffa224afb7182fe571f5b6f
Debian Linux Security Advisory 4671-1 - Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.
ef9df0bd2be4dedf52d06e6a738551173e591d33d7bf4295bffdcb2548c9f31f
Debian Linux Security Advisory 4504-1 - Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.
7b878d2f2aec294af8e8fb3e4880add79989359126d95f4c961652a73bc866aa
Debian Linux Security Advisory 4459-1 - Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.
0db3a4b34d64ba82713dffc824475115a6d4b1aaff0aaee269eae97d07837d11
Debian Linux Security Advisory 4366-1 - An integer underflow was discovered in the CAF demuxer of the VLC media player.
9b42ce85dee113e384a4f72db80602919d10d2e2a92299845584d92550f98182
Debian Linux Security Advisory 4251-1 - A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
5253b4c31d0da0c19893d064e2ba6b3b47effeaa41bab133435beffacb724256
Debian Linux Security Advisory 4203-1 - Hans Jerry Illikainen discovered a type conversion vulnerability in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.
1551e89b8993803da7f58d5c3f2ab720f8b71d5d221d8e6b3af8d252bf6dbd8a
Debian Linux Security Advisory 3598-1 - Patrick Coleman discovered that missing input sanitising in the ADPCM decoder of the VLC media player may result in the execution of arbitrary code if a malformed media file is opened.
ef6e9f7013612db842224145000258841e752a70d48a8576bf41b2598f2f91c5
Google Chrome is vulnerable to an out-of-bounds array indexing bug, caused by the improper handling of FTP PWD command server responses. By persuading a victim to visit a specially-crafted web site containing an iframe pointing to a malicious FTP server, a remote attacker could exploit this bug and cause the browser to crash. Versions 4.1.249.1042 (Build 42199) and below are affected. Proof of concept included.
46a3ad56ce252ccdbd6329ea06843f21e89e1fb198ea8f464ae783e4feff2e7f
Avast! versions 4.8 and 5.0 suffer from a aavmker4.sys kernel memory corruption vulnerability.
423e14acc68af28b36348077feb4ef7ada79727abeb0a3fa6fe5fcf347f9aa5c
The kernel of Oracle Solaris contains a vulnerability in the code that handles UCODE_GET_VERSION IOCTL requests. The vulnerability allows a local unprivileged user the ability to panic a Solaris x86 Intel-based system (32-bit/64-bit mode) due to a NULL pointer dereference. The ability to panic a system is a type of Denial of Service (DoS). The issue can be triggered by sending a specially crafted IOCTL request to the kernel.
a524a1ba9d5742e9a071414fff6dae55d1497bb58dc841e1c7577a689c3d653c
Proof of concept exploit for the VLC Media Player version 1.0.3 smb:// URI handling stack overflow vulnerability.
767d6f43bcd9f36c30425b5d2d15526afe7544a53c9dce0e06e4c05f44f0ea28
The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability while parsing maliciously crafted AAC or MP3 files. The vulnerability may be exploited by an attacker to execute arbitrary code in the context of an application using the vulnerable library. One attack vector are iPhone ringtones with malformed sample size table entries. It was successfully tested that iTunes uploads such malformed ringtones to the phone.
f5526418de98c9657cbd763047a324da3b927f706fa76dd4b3293e0a4a6b43d0
lidsndfile versions 1.0.19 and below and Winamp versions 5.552 and below suffer from a VOC processing heap buffer overflow vulnerability.
426f002e38e1c490a9f976a610dedb222d0edadadfe570535bcf5629995c0307
Xine-lib contains an integer overflow vulnerability while parsing malformed STTS atoms of Quicktime movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of an application using the xine library. Versions 1.1.16.2 and below are affected.
e630315f5a4f17bed6c30a6e60f105c698b76e14980eecb44cd918005fc63440
FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.
fdcf90835a6517d5d2a479f58cb2df9924557def551619884e79cb3f547d6180
GStreamer gst-plugins-good versions below 0.10.12 suffer from heap overflow and array index out of bounds vulnerabilities.
ae5d5f7a93915193f6bbfe67a4de2d6d96a10f53637af659ba372970130ceede
Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.
b94ef4ce7d1b2e477a85e81fe7d6abeaf756a2d58b5544818985f2c20cb90bb6
Sun Solaris suffers from an aio_suspend() kernel integer overflow vulnerability.
cf4e53dd00147f6634c2f3e122968aec17988d62f758b49a1e1ca73472516ca8
Sun Solaris suffers from a SIOCGTUNPARAM IOCTL kernel null pointer vulnerability.
a891f595f6f13435a2f5b8eb4f88c409b8f3d63c0a46587d1d8311e4fb22ed15