VYPR

VLC media player

by VideoLAN

Source repositories

CVEs (117)

  • CVE-2007-6262Dec 6, 2007
    risk 0.04cvss epss 0.11

    A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive…

  • CVE-2007-0256Jan 16, 2007
    risk 0.04cvss epss 0.12

    VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.

  • CVE-2007-0017Jan 3, 2007
    risk 0.04cvss epss 0.12

    Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in…

  • CVE-2014-3441May 14, 2014
    risk 0.03cvss epss 0.04

    codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.

  • CVE-2014-1684Mar 3, 2014
    risk 0.03cvss epss 0.05

    The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF…

  • CVE-2012-5470Oct 26, 2012
    risk 0.03cvss epss 0.06

    libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.

  • CVE-2012-0904Jan 20, 2012
    risk 0.03cvss epss 0.05

    VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.

  • CVE-2013-6934Jan 23, 2014
    risk 0.02cvss epss 0.28

    The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP…

  • CVE-2020-13428Jun 8, 2020
    risk 0.01cvss epss 0.02

    A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264…

  • CVE-2019-5439Jun 13, 2019
    risk 0.01cvss epss 0.05

    A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.

  • CVE-2015-5949Aug 25, 2015
    risk 0.01cvss epss 0.13

    VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

  • CVE-2013-6933Jan 23, 2014
    risk 0.01cvss epss 0.17

    The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character…

  • CVE-2011-1087May 3, 2011
    risk 0.01cvss epss 0.08

    Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.

  • CVE-2010-3276Mar 28, 2011
    risk 0.01cvss epss 0.07

    libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.

  • CVE-2008-5276Dec 3, 2008
    risk 0.01cvss epss 0.08

    Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.

  • CVE-2007-3316Jun 21, 2007
    risk 0.01cvss epss 0.17

    Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for…

  • CVE-2023-46814Nov 22, 2023
    risk 0.00cvss epss 0.00

    A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as…

  • CVE-2022-41325Dec 6, 2022
    risk 0.00cvss epss 0.01

    An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

  • CVE-2021-25804Jul 26, 2021
    risk 0.00cvss epss 0.02

    A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.

  • CVE-2021-25803Jul 26, 2021
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.

Page 3 of 6