[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0053":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":26,"duplicates":27,"related":28,"reserved_at":9,"published_at":35,"modified_at":36,"state":9,"summary":37,"references_raw":39,"kevs":64,"epss":9,"epss_history":65,"metrics":66,"affected":67},"MGASA-2015-0053","Updated vlc packages fix security vulnerabilities\n\nUpdated vlc packages fix security vulnerabilities:\n\nOn 32 bit builds, parsing of update status files with a size of 4294967295\nor more led to an integer truncation caused by a cast to size_t in a call to\nmalloc and a subsequent buffer overflow. This happened prior to checking the\nfiles' signature (CVE-2014-9625).\n\nThe MP4 demuxer, when parsing string boxes, did not properly check the length\nof the box, leading to a possible integer underflow when using this length\nvalue in a call to memcpy(). This could allow remote attackers to cause a\ndenial of service (crash) or arbitrary code execution via crafted MP4 files\n(CVE-2014-9626).\n\nThe MP4 demuxer, when parsing string boxes, did not properly check that the\nconversion of the box length from 64bit integer to 32bit integer on 32bit\nplatforms did not cause a truncation, leading to a possible buffer overflow.\nThis could allow remote attackers to cause a denial of service (crash) or\narbitrary code execution via crafted MP4 files (CVE-2014-9627).\n\nThe MP4 demuxer, when parsing string boxes, did not properly check the length\nof the box, leading to a possible buffer overflow. This could allow remote\nattackers to cause a denial of service (crash) or arbitrary code execution\nvia crafted MP4 files (CVE-2014-9628).\n\nThe Dirac and Schroedinger encoders did not properly check for an integer\noverflow on 32bit platforms, leading to a possible buffer overflow. This\ncould allow remote attackers to cause a denial of service (crash) or\narbitrary code execution (CVE-2014-9629).\n\nWhen streaming ogg-files via rtp, an ogg-file can trigger an invalid memory\nwrite access using an overly long 'configuration' string, which causes an\nattempted stack allocation with an attacker-controlled size (CVE-2014-9630).\n",null,[],[],[],[14,16,18,20,22,24],{"_key":15},"CVE-2014-9625",{"_key":17},"CVE-2014-9626",{"_key":19},"CVE-2014-9627",{"_key":21},"CVE-2014-9628",{"_key":23},"CVE-2014-9629",{"_key":25},"CVE-2014-9630",[],[],[29,30,31,32,33,34],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},"2015-02-05T22:26:07Z","2026-04-16T06:26:10.654899444Z",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[40,46,51,56,60],{"url":41,"sources":42,"tags":44},"https://advisories.mageia.org/MGASA-2015-0053.html",[43],"osv_mageia",[45],"Advisory",{"url":47,"sources":48,"tags":49},"https://bugs.mageia.org/show_bug.cgi?id=15195",[43],[50],"REPORT",{"url":52,"sources":53,"tags":54},"http://lists.opensuse.org/opensuse-updates/2015-02/msg00015.html",[43],[50,55],"WEB",{"url":57,"sources":58,"tags":59},"https://www.debian.org/security/2015/dsa-3150",[43],[50,55],{"url":61,"sources":62,"tags":63},"http://openwall.com/lists/oss-security/2015/01/20/11",[43],[50,55],[],[],[],[68],{"ecosystem":69,"name":70,"vendor":71,"product":70,"cpe_part":9,"purl_type":72,"purl_namespace":71,"purl_name":70,"source":9,"versions":73},"Mageia","vlc","mageia","rpm",[74,80],{"version":75,"is_range":76,"range_type":77,"version_start":9,"version_start_type":9,"version_end":78,"version_end_type":79,"fixed_in":9},"lt2_1_5_1_1_mga4",true,"ecosystem","2.1.5-1.1.mga4","excluding",{"version":81,"is_range":76,"range_type":77,"version_start":9,"version_start_type":9,"version_end":82,"version_end_type":79,"fixed_in":
9},"lt2_1_5_1_1_mga4_tainted","2.1.5-1.1.mga4.tainted"]