FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6d402857-2fba-11e6-9f31-5404a68ad561VLC -- Possibly remote code execution via crafted file

The VLC project reports:

Fix out-of-bound write in adpcm QT IMA codec (CVE-2016-5108)


Discovery 2016-05-25
Entry 2016-06-11
vlc
< 2.2.4,4

vlc-qt4
< 2.2.4,4

CVE-2016-5108
dc57ad48-ecbb-439b-a4d0-5869be47684evlc -- Use after free vulnerability

Mitre reports:

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.


Discovery 2018-06-06
Entry 2018-07-21
vlc
le 2.2.8_6,4

vlc-qt4
le 2.2.8_6,4

CVE-2018-11529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
http://seclists.org/fulldisclosure/2018/Jul/28
https://github.com/rapid7/metasploit-framework/pull/10335
https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42
ec6aeb8e-41e4-11e7-aa00-5404a68ad561vlc -- remote code execution via crafted subtitles

Check Point research team reports:

Remote code execution via crafted subtitles


Discovery 2017-05-23
Entry 2017-05-26
vlc
< 2.2.6,4

vlc-qt4
< 2.2.6,4

http://blog.checkpoint.com/2017/05/23/hacked-in-translation/