rpm package
opensuse/vlc&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/vlc&distro=openSUSE%20Tumbleweed
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-10699 | Cri | 9.8 | | < 3.0.16-1.5 | 3.0.16-1.5 | Jun 30, 2017 | avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. |
| CVE-2017-9300 | Hig | 7.8 | | < 3.0.16-1.5 | 3.0.16-1.5 | May 29, 2017 | plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. |
| CVE-2016-5108 | Cri | 9.8 | | < 2.2.4-11.1 | 2.2.4-11.1 | Jun 8, 2016 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. |
| CVE-2015-7981 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Nov 24, 2015 | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. |
| CVE-2015-8126 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Nov 13, 2015 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application cr |
| CVE-2015-5949 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Aug 25, 2015 | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. |
| CVE-2011-2588 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Jul 27, 2011 | Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file. |
| CVE-2011-2587 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Jul 27, 2011 | Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file. |
| CVE-2010-3907 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Jan 3, 2011 | Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a he |
| CVE-2010-2937 | — | — | | < 2.2.4-11.1 | 2.2.4-11.1 | Aug 20, 2010 | The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. |