Vlc
by VideoLAN
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47359 | | Cri | 0.64 | 9.8 | 0.01 | | Nov 7, 2023 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. |
| CVE-2014-6440 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 28, 2017 | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. |
| CVE-2017-8311 | | Hig | 0.54 | 7.8 | 0.09 | | May 23, 2017 | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. |
| CVE-2023-47360 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 7, 2023 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. |
| CVE-2017-8313 | | Med | 0.36 | 5.5 | 0.01 | | May 23, 2017 | Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. |
| CVE-2017-8312 | | Med | 0.36 | 5.5 | 0.01 | | May 23, 2017 | Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. |
| CVE-2017-8310 | | Med | 0.36 | 5.5 | 0.01 | | May 23, 2017 | Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. |
| CVE-2008-5036 | | | 0.06 | — | 0.41 | | Nov 10, 2008 | Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT… |
| CVE-2009-1045 | | | 0.04 | — | 0.09 | | Mar 23, 2009 | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. |
| CVE-2008-1769 | | | 0.04 | — | 0.07 | | Apr 25, 2008 | VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. |
| CVE-2008-1881 | | | 0.04 | — | 0.12 | | Apr 17, 2008 | Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. |
| CVE-2008-1489 | | | 0.04 | — | 0.12 | | Mar 25, 2008 | Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than… |
| CVE-2007-6682 | | | 0.04 | — | 0.15 | | Jan 17, 2008 | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. |
| CVE-2007-6681 | | | 0.04 | — | 0.17 | | Jan 17, 2008 | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. |
| CVE-2007-6262 | | | 0.04 | — | 0.11 | | Dec 6, 2007 | A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive… |
| CVE-2007-0256 | | | 0.04 | — | 0.12 | | Jan 16, 2007 | VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. |
| CVE-2007-0017 | | | 0.04 | — | 0.12 | | Jan 3, 2007 | Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in… |
| CVE-2019-5460 | | | 0.00 | — | 0.03 | | Jul 30, 2019 | Double Free in VLC versions <= 3.0.6 leads to a crash. |
| CVE-2008-2147 | | | 0.00 | — | 0.00 | | May 12, 2008 | Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. |
| CVE-2008-1768 | | | 0.00 | — | 0.03 | | Apr 25, 2008 | Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. |
Page 1 of 2