Product: Vlc_media_player (Videolan)

Repositories: https://git.videolan.org/git/vlc.git

#Vulnerabilities: 94

| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2019-08-29 | CVE-2019-14438 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | Debian_linux, Vlc_media_player | 7.8 | |
| 2019-08-29 | CVE-2019-14437 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | Debian_linux, Vlc_media_player | 7.8 | |
| 2019-07-30 | CVE-2019-5460 | Double Free in VLC versions <= 3.0.6 leads to a crash. | Vlc_media_player | 5.5 | |
| 2019-07-30 | CVE-2019-5459 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | Vlc_media_player | 7.1 | |
| 2019-07-18 | CVE-2019-13962 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | Vlc_media_player | 9.8 | |
| 2019-07-14 | CVE-2019-13602 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | Vlc_media_player | 8.8 | |
| 2018-12-05 | CVE-2018-19857 | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | Debian_linux, Vlc_media_player | 9.1 | |
| 2019-07-16 | CVE-2019-13615 | libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | Vlc_media_player | 5.5 | |
| 2019-06-18 | CVE-2019-12874 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | Vlc_media_player | 9.8 | |
| 2019-06-13 | CVE-2019-5439 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | Vlc_media_player | 6.5 | |