Unrated severityNVD Advisory· Published Jul 10, 2013· Updated Apr 29, 2026

CVE-2013-1954

Description

The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.

Affected products

VideoLAN/Vlc Media Player6 versions
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*range: <=2.0.5
- cpe:2.3:a:videolan:vlc_media_player:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:videolan:vlc_media_player:2.0.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

trac.videolan.org/vlc/ticket/8024nvdExploit
www.videolan.org/security/sa1302.htmlnvdVendor Advisory
git.videolan.orgnvd
marc.infonvd
marc.infonvd
secunia.com/advisories/59793nvd
www.osvdb.org/89598nvd
www.securityfocus.com/bid/57333nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17023nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000