#Vulnerabilities 103
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2019-07-30 | CVE-2019-5460 | Double Free in VLC versions <= 3.0.6 leads to a crash. | Vlc_media_player | 5.5 | |
| 2019-07-30 | CVE-2019-5459 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | Vlc_media_player | 7.1 | |
| 2019-07-18 | CVE-2019-13962 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | Vlc_media_player | 9.8 | |
| 2019-07-14 | CVE-2019-13602 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | Vlc_media_player | 8.8 | |
| 2018-12-05 | CVE-2018-19857 | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | Debian_linux, Vlc_media_player | 9.1 | |
| 2019-07-16 | CVE-2019-13615 | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | Vlc_media_player | 5.5 | |
| 2019-06-18 | CVE-2019-12874 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | Vlc_media_player | 9.8 | |
| 2019-06-13 | CVE-2019-5439 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | Vlc_media_player | 6.5 | |
| 2017-12-15 | CVE-2017-17670 | In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation. | Debian_linux, Vlc_media_player | 8.8 | |
| 2018-07-11 | CVE-2018-11529 | VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | Debian_linux, Vlc_media_player | 8.0 | |