Vlc Media Player Security Vulnerabilities and Issues — Vlc Media Player CVE List

Lucene search

VideolanVlc Media Player

7 matches found

CVE•added 2020/01/31 10:15 p.m.•154 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request,...

6.1CVSS6.1AI score0.00394EPSS

CVE•added 2020/01/24 10:15 p.m.•128 views

CVE-2014-9626

Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.

7.8CVSS7.9AI score0.00474EPSS

CVE•added 2020/01/24 10:15 p.m.•124 views

CVE-2014-9629

Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.

7.8CVSS7.8AI score0.04497EPSS

CVE•added 2020/01/24 10:15 p.m.•76 views

CVE-2014-9628

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.

7.8CVSS7.8AI score0.01634EPSS

CVE•added 2020/01/24 10:15 p.m.•75 views

CVE-2014-9625

The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update statu...

7.8CVSS7.8AI score0.04218EPSS

CVE•added 2020/01/24 10:15 p.m.•75 views

CVE-2014-9627

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large bo...

7.8CVSS7.9AI score0.00338EPSS

CVE•added 2020/01/24 10:15 p.m.•57 views

CVE-2014-9630

The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecifie...

7.8CVSS7.9AI score0.00558EPSS