Vlc Media Player@* Security Vulnerabilities and Issues — Vlc Media Player@* CVE List

Lucene search

VideolanVlc Media Player*

19 matches found

CVE•added 2020/06/08 7:15 p.m.•232 views

CVE-2020-13428

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for ex...

7.8CVSS7.8AI score0.0692EPSS

CVE•added 2019/07/16 5:15 p.m.•224 views

CVE-2019-13615

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

5.5CVSS5.3AI score0.003EPSS

CVE•added 2021/01/08 6:15 p.m.•202 views

CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

7.8CVSS7.5AI score0.00292EPSS

CVE•added 2019/06/13 4:29 p.m.•176 views

CVE-2019-5439

A Buffer Overflow in VLC Media Player

6.5CVSS8.1AI score0.15839EPSS

CVE•added 2019/07/30 9:15 p.m.•168 views

CVE-2019-5459

An Integer underflow in VLC Media Player versions

7.1CVSS7.8AI score0.00944EPSS

CVE•added 2020/01/31 10:15 p.m.•155 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request,...

6.1CVSS6.1AI score0.00394EPSS

Web

CVE•added 2020/05/15 6:15 p.m.•146 views

CVE-2019-19721

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

7.8CVSS6.2AI score0.01303EPSS

CVE•added 2023/11/07 4:15 p.m.•141 views

CVE-2023-47359

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

9.8CVSS9.1AI score0.00126EPSS

CVE•added 2020/01/24 10:15 p.m.•129 views

CVE-2014-9626

Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.

7.8CVSS7.9AI score0.00474EPSS

CVE•added 2020/01/24 10:15 p.m.•126 views

CVE-2014-9629

Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.

7.8CVSS7.8AI score0.04497EPSS

CVE•added 2023/11/07 4:15 p.m.•107 views

CVE-2023-47360

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

7.5CVSS8.3AI score0.00094EPSS

CVE•added 2020/02/06 10:15 p.m.•80 views

CVE-2013-3564

The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.

5.3CVSS5.4AI score0.00233EPSS

CVE•added 2020/01/24 10:15 p.m.•77 views

CVE-2014-9628

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.

7.8CVSS7.8AI score0.01634EPSS

CVE•added 2020/01/24 10:15 p.m.•76 views

CVE-2014-9625

The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update statu...

7.8CVSS7.8AI score0.04218EPSS

CVE•added 2020/01/24 10:15 p.m.•76 views

CVE-2014-9627

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large bo...

7.8CVSS7.9AI score0.00338EPSS

CVE•added 2017/05/23 9:29 p.m.•65 views

CVE-2017-8312

Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

5.5CVSS5.8AI score0.00338EPSS

CVE•added 2020/01/24 10:15 p.m.•58 views

CVE-2014-9630

The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie...

7.8CVSS7.9AI score0.00558EPSS

CVE•added 2023/11/22 5:15 a.m.•49 views

CVE-2023-46814

A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.

7.8CVSS8AI score0.00107EPSS

CVE•added 2014/01/23 9:55 p.m.•41 views

CVE-2013-6934

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers a...

7.5CVSS7.8AI score0.03978EPSS