#Vulnerabilities 104
Date Id Summary Products Score Patch Annotated
2014-01-23 CVE-2013-6934 The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933. Streaming_media, Vlc_media_player N/A
2019-07-30 CVE-2019-5460 Double Free in VLC versions <= 3.0.6 leads to a crash. Vlc_media_player 5.5
2019-07-30 CVE-2019-5459 An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Vlc_media_player 7.1
2019-07-18 CVE-2019-13962 lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Vlc_media_player 9.8
2019-07-14 CVE-2019-13602 An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. Vlc_media_player 8.8
2018-12-05 CVE-2018-19857 The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. Debian_linux, Vlc_media_player 9.1
2019-07-16 CVE-2019-13615 libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. Vlc_media_player 5.5
2019-06-18 CVE-2019-12874 An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. Vlc_media_player 9.8
2019-06-13 CVE-2019-5439 A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. Vlc_media_player 6.5
2017-12-15 CVE-2017-17670 In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. Debian_linux, Vlc_media_player 8.8