Filtered by vendor Videolan
Filtered by product Vlc Media Player
Total: 113 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14777 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||||
CVE-2019-14776 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | ||||
CVE-2019-14535 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | ||||
CVE-2019-14534 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | ||||
CVE-2019-14533 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||||
CVE-2019-14498 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | ||||
CVE-2019-14438 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | N/A |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | ||||
CVE-2013-3564 | 1 Videolan | 1 Vlc Media Player | 2020-02-12 | 5.3 Medium |
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | ||||
CVE-2014-9627 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 7.8 High |
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. | ||||
CVE-2014-9626 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 7.8 High |
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. | ||||
CVE-2014-9628 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 7.8 High |
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | ||||
CVE-2014-9625 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 7.8 High |
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. | ||||
CVE-2014-9629 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 7.8 High |
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | ||||
CVE-2014-9630 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 7.8 High |
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | ||||
CVE-2013-6934 | 2 Live555, Videolan | 2 Streaming Media, Vlc Media Player | 2019-09-12 | N/A |
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. | ||||
CVE-2019-5439 | 1 Videolan | 1 Vlc Media Player | 2019-08-26 | N/A |
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | ||||
CVE-2017-17670 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2019-04-26 | N/A |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation. | ||||
CVE-2018-11529 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2019-03-21 | N/A |
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | ||||
CVE-2007-3468 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | N/A |
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. | ||||
CVE-2007-3467 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | N/A |
Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. | ||||