VYPR

Vendor CVEs

VideoLAN

All CVEs

133 total · sorted by risk
  • CVE-2018-19857Dec 5, 2018
    risk 0.00cvss epss 0.04

    The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This…

  • CVE-2014-9743Aug 17, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.

  • CVE-2011-3623Dec 26, 2014
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the…

  • CVE-2010-2062Dec 26, 2014
    risk 0.00cvss epss 0.04

    Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an…

  • CVE-2010-1445Dec 26, 2014
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.

  • CVE-2010-1444Dec 26, 2014
    risk 0.00cvss epss 0.04

    The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.

  • CVE-2010-1443Dec 26, 2014
    risk 0.00cvss epss 0.02

    The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML…

  • CVE-2010-1442Dec 26, 2014
    risk 0.00cvss epss 0.03

    VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.

  • CVE-2010-1441Dec 26, 2014
    risk 0.00cvss epss 0.03

    Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.

  • CVE-2013-7340Mar 21, 2014
    risk 0.00cvss epss 0.02

    VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.

  • CVE-2013-4388Oct 11, 2013
    risk 0.00cvss epss 0.04

    Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

  • CVE-2013-1954Jul 10, 2013
    risk 0.00cvss epss 0.06

    The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.

  • CVE-2012-5855Jul 10, 2013
    risk 0.00cvss epss 0.01

    The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not…

  • CVE-2012-0023Oct 30, 2012
    risk 0.00cvss epss 0.05

    Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

  • CVE-2012-3377Jul 12, 2012
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.

  • CVE-2012-1776Mar 19, 2012
    risk 0.00cvss epss 0.05

    Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.

  • CVE-2011-2588Jul 27, 2011
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.

  • CVE-2011-2587Jul 27, 2011
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.

  • CVE-2011-1931Jul 7, 2011
    risk 0.00cvss epss 0.02

    sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote…

  • CVE-2011-2161May 20, 2011
    risk 0.00cvss epss 0.01

    The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header…

  • CVE-2011-1684May 3, 2011
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.

  • CVE-2011-0021Jan 25, 2011
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.

  • CVE-2010-3907Jan 3, 2011
    risk 0.00cvss epss 0.06

    Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a…

  • CVE-2010-2937Aug 20, 2010
    risk 0.00cvss epss 0.03

    The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

  • CVE-2008-2430Jul 7, 2008
    risk 0.00cvss epss 0.06

    Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

  • CVE-2008-2147May 12, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.

  • CVE-2008-1768Apr 25, 2008
    risk 0.00cvss epss 0.03

    Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.

  • CVE-2007-6683Jan 17, 2008
    risk 0.00cvss epss 0.03

    The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.

  • CVE-2007-6684Jan 17, 2008
    risk 0.00cvss epss 0.02

    The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.

  • CVE-2008-0295Jan 16, 2008
    risk 0.00cvss epss 0.11

    Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description…

  • CVE-2008-0296Jan 16, 2008
    risk 0.00cvss epss 0.15

    Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.

  • CVE-2007-3467Jun 27, 2007
    risk 0.00cvss epss 0.03

    Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.

  • CVE-2007-3468Jun 27, 2007
    risk 0.00cvss epss 0.03

    input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.

Page 3 of 3