VYPR

VLC media player

by VideoLAN

CVEs (117)

  • CVE-2011-0531 (Feb 7, 2011)
    risk 0.06 | cvss | epss 0.42

    demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class…

  • CVE-2009-2484 (Jul 16, 2009)
    risk 0.06 | cvss | epss 0.35

    Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long…

  • CVE-2008-5036 (Nov 10, 2008)
    risk 0.06 | cvss | epss 0.41

    Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT…

  • CVE-2014-9598 (Jan 21, 2015)
    risk 0.04 | cvss | epss 0.06

    The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.

  • CVE-2014-9597 (Jan 21, 2015)
    risk 0.04 | cvss | epss 0.07

    The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.

  • CVE-2013-6283 (Oct 25, 2013)
    risk 0.04 | cvss | epss 0.10

    VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.

  • CVE-2013-1868 (Jul 10, 2013)
    risk 0.04 | cvss | epss 0.11

    Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.

  • CVE-2012-2396 (Apr 19, 2012)
    risk 0.04 | cvss | epss 0.07

    VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.

  • CVE-2011-2194 (Jun 24, 2011)
    risk 0.04 | cvss | epss 0.09

    Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.

  • CVE-2010-3124 (Aug 26, 2010)
    risk 0.04 | cvss | epss 0.13

    Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3…

  • CVE-2010-0364 (Jan 21, 2010)
    risk 0.04 | cvss | epss 0.07

    Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.

  • CVE-2009-1045 (Mar 23, 2009)
    risk 0.04 | cvss | epss 0.09

    requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

  • CVE-2008-5032 (Nov 10, 2008)
    risk 0.04 | cvss | epss 0.11

    Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue…

  • CVE-2008-4686 (Oct 22, 2008)
    risk 0.04 | cvss | epss 0.10

    Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.

  • CVE-2008-4558 (Oct 15, 2008)
    risk 0.04 | cvss | epss 0.09

    Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.

  • CVE-2008-3794 (Aug 26, 2008)
    risk 0.04 | cvss | epss 0.11

    Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow…

  • CVE-2008-3732 (Aug 20, 2008)
    risk 0.04 | cvss | epss 0.13

    Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of…

  • CVE-2008-1769 (Apr 25, 2008)
    risk 0.04 | cvss | epss 0.07

    VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.

  • CVE-2008-1881 (Apr 17, 2008)
    risk 0.04 | cvss | epss 0.12

    Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

  • CVE-2008-0984 (Feb 26, 2008)
    risk 0.04 | cvss | epss 0.15

    The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
