Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vlc_media_player
(Videolan)| Repositories | https://git.videolan.org/git/vlc.git |
| #Vulnerabilities | 110 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-28 | CVE-2018-11516 | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | Vlc_media_player | 8.8 | ||
| 2019-07-30 | CVE-2019-5460 | Double Free in VLC versions <= 3.0.6 leads to a crash. | Backports, Leap, Vlc_media_player | 5.5 | ||
| 2020-06-08 | CVE-2020-13428 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2021-01-08 | CVE-2020-26664 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2022-12-06 | CVE-2022-41325 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2021-07-26 | CVE-2021-25801 | A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Vlc_media_player | 7.1 | ||
| 2021-07-26 | CVE-2021-25802 | A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Vlc_media_player | 7.1 | ||
| 2021-07-26 | CVE-2021-25803 | A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Vlc_media_player | 7.1 | ||
| 2019-07-14 | CVE-2019-13602 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player | 7.8 | ||
| 2019-07-18 | CVE-2019-13962 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player | 9.8 |