FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
dc57ad48-ecbb-439b-a4d0-5869be47684evlc -- Use after free vulnerability

Mitre reports:

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.


Discovery 2018-06-06
Entry 2018-07-21
vlc
<= 2.2.8_6,4

vlc-qt4
<= 2.2.8_6,4

CVE-2018-11529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
http://seclists.org/fulldisclosure/2018/Jul/28
https://github.com/rapid7/metasploit-framework/pull/10335
https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42
ec6aeb8e-41e4-11e7-aa00-5404a68ad561vlc -- remote code execution via crafted subtitles

Check Point research team reports:

Remote code execution via crafted subtitles


Discovery 2017-05-23
Entry 2017-05-26
vlc
< 2.2.6,4

vlc-qt4
< 2.2.6,4

http://blog.checkpoint.com/2017/05/23/hacked-in-translation/