VLC media player
by VideoLAN
CVEs (117)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6262 | | | 0.04 | — | 0.11 | | Dec 6, 2007 | A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive… |
| CVE-2007-0256 | | | 0.04 | — | 0.12 | | Jan 16, 2007 | VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. |
| CVE-2007-0017 | | | 0.04 | — | 0.12 | | Jan 3, 2007 | Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in… |
| CVE-2014-3441 | | | 0.03 | — | 0.04 | | May 14, 2014 | codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. |
| CVE-2014-1684 | | | 0.03 | — | 0.05 | | Mar 3, 2014 | The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF… |
| CVE-2012-5470 | | | 0.03 | — | 0.06 | | Oct 26, 2012 | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. |
| CVE-2012-0904 | | | 0.03 | — | 0.05 | | Jan 20, 2012 | VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. |
| CVE-2013-6934 | | | 0.02 | — | 0.28 | | Jan 23, 2014 | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP… |
| CVE-2020-13428 | | | 0.01 | — | 0.02 | | Jun 8, 2020 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264… |
| CVE-2019-5439 | | | 0.01 | — | 0.05 | | Jun 13, 2019 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. |
| CVE-2015-5949 | | | 0.01 | — | 0.13 | | Aug 25, 2015 | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. |
| CVE-2013-6933 | | | 0.01 | — | 0.17 | | Jan 23, 2014 | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character… |
| CVE-2011-1087 | | | 0.01 | — | 0.08 | | May 3, 2011 | Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation. |
| CVE-2010-3276 | | | 0.01 | — | 0.07 | | Mar 28, 2011 | libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. |
| CVE-2008-5276 | | | 0.01 | — | 0.08 | | Dec 3, 2008 | Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. |
| CVE-2007-3316 | | | 0.01 | — | 0.17 | | Jun 21, 2007 | Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for… |
| CVE-2023-46814 | | | 0.00 | — | 0.00 | | Nov 22, 2023 | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as… |
| CVE-2022-41325 | | | 0.00 | — | 0.01 | | Dec 6, 2022 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. |
| CVE-2021-25804 | | | 0.00 | — | 0.02 | | Jul 26, 2021 | A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the application. |
| CVE-2021-25803 | | | 0.00 | — | 0.01 | | Jul 26, 2021 | A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |