Vendor CVEs
VideoLAN
All CVEs
133 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0256 | 0.04 | — | 0.12 | Jan 16, 2007 | VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | |||
| CVE-2007-0017 | 0.04 | — | 0.12 | Jan 3, 2007 | Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in… | |||
| CVE-2014-3441 | 0.03 | — | 0.04 | May 14, 2014 | codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file. | |||
| CVE-2014-1684 | 0.03 | — | 0.05 | Mar 3, 2014 | The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF… | |||
| CVE-2012-5470 | 0.03 | — | 0.06 | Oct 26, 2012 | libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. | |||
| CVE-2012-0904 | 0.03 | — | 0.05 | Jan 20, 2012 | VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. | |||
| CVE-2013-6934 | 0.02 | — | 0.28 | Jan 23, 2014 | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP… | |||
| CVE-2020-13428 | 0.01 | — | 0.02 | Jun 8, 2020 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264… | |||
| CVE-2019-5439 | 0.01 | — | 0.05 | Jun 13, 2019 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | |||
| CVE-2015-5949 | 0.01 | — | 0.13 | Aug 25, 2015 | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. | |||
| CVE-2013-6933 | 0.01 | — | 0.17 | Jan 23, 2014 | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character… | |||
| CVE-2011-1087 | 0.01 | — | 0.08 | May 3, 2011 | Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation. | |||
| CVE-2010-3276 | 0.01 | — | 0.07 | Mar 28, 2011 | libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. | |||
| CVE-2008-5276 | 0.01 | — | 0.08 | Dec 3, 2008 | Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. | |||
| CVE-2007-3316 | 0.01 | — | 0.17 | Jun 21, 2007 | Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for… | |||
| CVE-2024-1580 | 0.00 | — | 0.02 | Feb 19, 2024 | An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d. | |||
| CVE-2023-46814 | 0.00 | — | 0.00 | Nov 22, 2023 | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as… | |||
| CVE-2023-32570 | 0.00 | — | 0.01 | May 10, 2023 | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | |||
| CVE-2022-41325 | 0.00 | — | 0.01 | Dec 6, 2022 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | |||
| CVE-2021-25804 | 0.00 | — | 0.02 | Jul 26, 2021 | A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application. | |||
| CVE-2021-25803 | 0.00 | — | 0.01 | Jul 26, 2021 | A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||
| CVE-2021-25802 | 0.00 | — | 0.01 | Jul 26, 2021 | A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||
| CVE-2021-25801 | 0.00 | — | 0.02 | Jul 26, 2021 | A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||
| CVE-2020-26664 | 0.00 | — | 0.02 | Jan 8, 2021 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | |||
| CVE-2019-19721 | 0.00 | — | 0.02 | May 15, 2020 | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | |||
| CVE-2013-3564 | 0.00 | — | 0.01 | Feb 6, 2020 | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | |||
| CVE-2013-3565 | 0.00 | — | 0.02 | Jan 31, 2020 | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or… | |||
| CVE-2014-9625 | 0.00 | — | 0.02 | Jan 24, 2020 | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a… | |||
| CVE-2014-9626 | 0.00 | — | 0.01 | Jan 24, 2020 | Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. | |||
| CVE-2014-9627 | 0.00 | — | 0.01 | Jan 24, 2020 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other… | |||
| CVE-2014-9628 | 0.00 | — | 0.02 | Jan 24, 2020 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | |||
| CVE-2014-9629 | 0.00 | — | 0.02 | Jan 24, 2020 | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | |||
| CVE-2014-9630 | 0.00 | — | 0.01 | Jan 24, 2020 | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or… | |||
| CVE-2019-18278 | 0.00 | — | 0.00 | Oct 23, 2019 | When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no… | |||
| CVE-2019-14970 | 0.00 | — | 0.02 | Aug 29, 2019 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | |||
| CVE-2019-14777 | 0.00 | — | 0.01 | Aug 29, 2019 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||
| CVE-2019-14778 | 0.00 | — | 0.01 | Aug 29, 2019 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||
| CVE-2019-14776 | 0.00 | — | 0.01 | Aug 29, 2019 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | |||
| CVE-2019-14533 | 0.00 | — | 0.01 | Aug 29, 2019 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||
| CVE-2019-14534 | 0.00 | — | 0.01 | Aug 29, 2019 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | |||
| CVE-2019-14535 | 0.00 | — | 0.01 | Aug 29, 2019 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | |||
| CVE-2019-14498 | 0.00 | — | 0.02 | Aug 29, 2019 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | |||
| CVE-2019-14438 | 0.00 | — | 0.02 | Aug 29, 2019 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | |||
| CVE-2019-14437 | 0.00 | — | 0.01 | Aug 29, 2019 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | |||
| CVE-2019-5460 | 0.00 | — | 0.03 | Jul 30, 2019 | Double Free in VLC versions <= 3.0.6 leads to a crash. | |||
| CVE-2019-13962 | 0.00 | — | 0.04 | Jul 18, 2019 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | |||
| CVE-2019-13615 | 0.00 | — | 0.02 | Jul 16, 2019 | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | |||
| CVE-2019-13602 | 0.00 | — | 0.02 | Jul 14, 2019 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | |||
| CVE-2019-12874 | 0.00 | — | 0.02 | Jun 18, 2019 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | |||
| CVE-2018-19937 | 0.00 | — | 0.00 | Dec 31, 2018 | A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. |
Page 2 of 3