rpm package
opensuse/vlc&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/vlc&distro=openSUSE%20Tumbleweed
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-5217 | — | KEV | < 3.0.19-1.1 | 3.0.19-1.1 | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2022-41325 | — | < 3.0.18-4.1 | 3.0.18-4.1 | Dec 6, 2022 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | ||
| CVE-2022-37434 | — | < 3.0.19-1.1 | 3.0.19-1.1 | Aug 5, 2022 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t | ||
| CVE-2020-26664 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Jan 8, 2021 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | ||
| CVE-2020-0499 | — | < 3.0.17-1.1 | 3.0.17-1.1 | Dec 15, 2020 | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: An | ||
| CVE-2020-13428 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Jun 8, 2020 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B | ||
| CVE-2014-9625 | — | < 2.2.4-11.1 | 2.2.4-11.1 | Jan 24, 2020 | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a c | ||
| CVE-2019-14970 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | ||
| CVE-2019-14777 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||
| CVE-2019-14776 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | ||
| CVE-2019-14533 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||
| CVE-2019-14534 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | ||
| CVE-2019-14535 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | ||
| CVE-2019-14498 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | ||
| CVE-2019-14437 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Aug 29, 2019 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | ||
| CVE-2019-5460 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Jul 30, 2019 | Double Free in VLC versions <= 3.0.6 leads to a crash. | ||
| CVE-2019-13962 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Jul 18, 2019 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | ||
| CVE-2019-13602 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Jul 14, 2019 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | ||
| CVE-2019-5439 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Jun 13, 2019 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | ||
| CVE-2018-19857 | — | < 3.0.16-1.5 | 3.0.16-1.5 | Dec 5, 2018 | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could |
- affected < 3.0.19-1.1fixed 3.0.19-1.1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-41325Dec 6, 2022affected < 3.0.18-4.1fixed 3.0.18-4.1
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
- CVE-2022-37434Aug 5, 2022affected < 3.0.19-1.1fixed 3.0.19-1.1
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable t
- CVE-2020-26664Jan 8, 2021affected < 3.0.16-1.5fixed 3.0.16-1.5
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
- CVE-2020-0499Dec 15, 2020affected < 3.0.17-1.1fixed 3.0.17-1.1
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: An
- CVE-2020-13428Jun 8, 2020affected < 3.0.16-1.5fixed 3.0.16-1.5
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B
- CVE-2014-9625Jan 24, 2020affected < 2.2.4-11.1fixed 2.2.4-11.1
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a c
- CVE-2019-14970Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
- CVE-2019-14777Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
- CVE-2019-14776Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
- CVE-2019-14533Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
- CVE-2019-14534Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
- CVE-2019-14535Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
- CVE-2019-14498Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
- CVE-2019-14437Aug 29, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
- CVE-2019-5460Jul 30, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
Double Free in VLC versions <= 3.0.6 leads to a crash.
- CVE-2019-13962Jul 18, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
- CVE-2019-13602Jul 14, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
- CVE-2019-5439Jun 13, 2019affected < 3.0.16-1.5fixed 3.0.16-1.5
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
- CVE-2018-19857Dec 5, 2018affected < 3.0.16-1.5fixed 3.0.16-1.5
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could
Page 1 of 2