Vlc Media Player Security Vulnerabilities and Issues — Vlc Media Player CVE List

Lucene search

VideolanVlc Media Player

11 matches found

CVE•added 2019/07/16 5:15 p.m.•219 views

CVE-2019-13615

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

5.5CVSS5.3AI score0.003EPSS

CVE•added 2019/08/29 7:15 p.m.•156 views

CVE-2019-14534

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.

5.5CVSS6.8AI score0.00177EPSS

CVE•added 2019/07/30 9:15 p.m.•138 views

CVE-2019-5460

Double Free in VLC versions

5.5CVSS7AI score0.00659EPSS

CVE•added 2020/02/06 10:15 p.m.•79 views

CVE-2013-3564

The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.

5.3CVSS5.4AI score0.00233EPSS

CVE•added 2017/05/23 9:29 p.m.•64 views

CVE-2017-8312

Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

5.5CVSS5.8AI score0.00338EPSS

CVE•added 2017/05/23 9:29 p.m.•61 views

CVE-2017-8313

Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.

5.5CVSS5.9AI score0.00323EPSS

CVE•added 2017/05/23 9:29 p.m.•57 views

CVE-2017-8310

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.

5.5CVSS5.8AI score0.00354EPSS

CVE•added 2014/12/26 8:59 p.m.•48 views

CVE-2010-1443

The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Forma...

5CVSS6.4AI score0.00535EPSS

CVE•added 2016/04/18 3:59 p.m.•46 views

CVE-2016-3941

Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

5.5CVSS5.5AI score0.00307EPSS

CVE•added 2010/08/20 6:0 p.m.•44 views

CVE-2010-2937

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

5CVSS6.2AI score0.01215EPSS

CVE•added 2009/03/23 4:30 p.m.•43 views

CVE-2009-1045

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

5CVSS6.5AI score0.08711EPSS