Vulnerabilities > Videolan > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-17 | CVE-2007-6683 | Unspecified vulnerability in Videolan VLC 0.8.6D The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | 5.0 |
| 2007-12-06 | CVE-2007-6262 | Buffer Errors vulnerability in Videolan VLC Media Player 0.8.6/0.8.6A/0.8.6B A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." | 6.8 |
| 2007-01-03 | CVE-2007-0017 | USE of Externally-Controlled Format String vulnerability in Videolan VLC Media Player Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | 6.8 |