VYPR

VLC

by VideoLAN

CVEs (22)

  • CVE-2023-47359 | Critical | Nov 7, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    VideoLAN VLC prior to version 3.0.20 contains an incorrect offset read that leads to a heap-based buffer overflow in the function GetPacket() and results in memory corruption.

  • CVE-2014-6440 | Critical | Mar 28, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

  • CVE-2017-8311 | High | May 23, 2017
    risk 0.54 | cvss 7.8 | epss 0.09

    Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping the NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

  • CVE-2023-47360 | High | Nov 7, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    VideoLAN VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.

  • CVE-2017-8313 | Medium | May 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.

  • CVE-2017-8312 | Medium | May 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

  • CVE-2017-8310 | Medium | May 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.

  • CVE-2008-5036 | Nov 10, 2008
    risk 0.06 | cvss | epss 0.41

    Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT…

  • CVE-2009-1045 | Mar 23, 2009
    risk 0.04 | cvss | epss 0.09

    requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

  • CVE-2008-1769 | Apr 25, 2008
    risk 0.04 | cvss | epss 0.07

    VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.

  • CVE-2008-1881 | Apr 17, 2008
    risk 0.04 | cvss | epss 0.12

    Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

  • CVE-2008-1489 | Mar 25, 2008
    risk 0.04 | cvss | epss 0.12

    Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than…

  • CVE-2007-6682 | Jan 17, 2008
    risk 0.04 | cvss | epss 0.15

    Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

  • CVE-2007-6681 | Jan 17, 2008
    risk 0.04 | cvss | epss 0.17

    Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.

  • CVE-2007-6262 | Dec 6, 2007
    risk 0.04 | cvss | epss 0.11

    A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive…

  • CVE-2007-0256 | Jan 16, 2007
    risk 0.04 | cvss | epss 0.12

    VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.

  • CVE-2007-0017 | Jan 3, 2007
    risk 0.04 | cvss | epss 0.12

    Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in…

  • CVE-2019-5460 | Jul 30, 2019
    risk 0.00 | cvss | epss 0.03

    Double Free in VLC versions <= 3.0.6 leads to a crash.

  • CVE-2008-2147 | May 12, 2008
    risk 0.00 | cvss | epss 0.00

    Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.

  • CVE-2008-1768 | Apr 25, 2008
    risk 0.00 | cvss | epss 0.03

    Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

Page 1 of 2