Skip to main content

Vlc Media Player CVE-2013-1868

CRITICAL
Buffer Overflow (CWE-119)
2013-07-10 secalert@redhat.com
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jul 10, 2013 - 19:55 cve.org
CRITICAL 9.3

DescriptionCVE.org

Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.

AnalysisAI

Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 50.7%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. Affected products include: Videolan Vlc Media Player.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2012-1775 CRITICAL POC
9.3 Mar 19

Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code

CVE-2016-5108 CRITICAL POC
9.8 Jun 08

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allo

CVE-2023-47359 CRITICAL POC
9.8 Nov 07

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in fun

CVE-2017-8311 HIGH POC
7.8 May 23

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an inpu

CVE-2017-17670 HIGH POC
8.8 Dec 15

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in th

CVE-2018-11529 HIGH POC
8.0 Jul 11

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arb

CVE-2014-9598 MEDIUM POC
6.8 Jan 21

The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arb

CVE-2017-9301 HIGH POC
7.8 May 29

plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a d

CVE-2017-9300 HIGH POC
7.8 May 29

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service

CVE-2019-13962 CRITICAL POC
9.8 Jul 18

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer ove

CVE-2023-47360 HIGH POC
7.5 Nov 07

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. Rated high

CVE-2013-6283 HIGH POC
7.5 Oct 25

VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly ex

Share

CVE-2013-1868 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy