Vlc_media_player - Vulncode-DB

Product:
Vlc_media_player
(Videolan)

Repositories	https://git.videolan.org/git/vlc.git
#Vulnerabilities	83

Date	ID	Summary	Products	Score	Patch
2019-07-30	CVE-2019-5460	Double Free in VLC versions <= 3.0.6 leads to a crash.	Vlc_media_player	5.5
2019-07-30	CVE-2019-5459	An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.	Vlc_media_player	7.1
2019-07-18	CVE-2019-13962	lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.	Vlc_media_player	9.8
2019-07-14	CVE-2019-13602	An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.	Vlc_media_player	8.8
2018-12-05	CVE-2018-19857	The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.	Debian_linux, Vlc_media_player	9.1
2019-07-16	CVE-2019-13615	libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.	Vlc_media_player	5.5
2019-06-18	CVE-2019-12874	An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.	Vlc_media_player	9.8
2019-06-13	CVE-2019-5439	A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.	Vlc_media_player	6.5
2017-12-15	CVE-2017-17670	In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.	Debian_linux, Vlc_media_player	8.8
2018-07-11	CVE-2018-11529	VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.	Debian_linux, Vlc_media_player	8.0