Filtered by vendor Videolan
Subscriptions
Filtered by product Vlc Media Player
Subscriptions
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5032 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | N/A |
| Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | ||||
| CVE-2008-3732 | 1 Videolan | 1 Vlc Media Player | 2025-04-09 | N/A |
| Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2430 | 2 Microsoft, Videolan | 2 Windows Nt, Vlc Media Player | 2025-04-09 | N/A |
| Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | ||||
| CVE-2008-0984 | 2 Miro, Videolan | 2 Miro Player, Vlc Media Player | 2025-04-09 | N/A |
| The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. | ||||
| CVE-2008-0296 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2025-04-09 | N/A |
| Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | ||||
| CVE-2023-47360 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.5 High |
| Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | ||||
| CVE-2023-47359 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 9.8 Critical |
| Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | ||||
| CVE-2023-46814 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-11-21 | 7.8 High |
| A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | ||||
| CVE-2022-41325 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 7.8 High |
| An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | ||||
| CVE-2021-25804 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.5 High |
| A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. | ||||
| CVE-2021-25803 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | ||||
| CVE-2021-25802 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | ||||
| CVE-2021-25801 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.1 High |
| A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | ||||
| CVE-2020-26664 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 7.8 High |
| A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | ||||
| CVE-2020-13428 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | ||||
| CVE-2019-5460 | 2 Opensuse, Videolan | 3 Backports, Leap, Vlc Media Player | 2024-11-21 | 5.5 Medium |
| Double Free in VLC versions <= 3.0.6 leads to a crash. | ||||
| CVE-2019-5459 | 2 Opensuse, Videolan | 4 Backports, Backports Sle, Leap and 1 more | 2024-11-21 | 7.1 High |
| An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | ||||
| CVE-2019-5439 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | N/A |
| A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | ||||
| CVE-2019-19721 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.8 High |
| An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | ||||
| CVE-2019-18278 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-11-21 | 7.8 High |
| When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. | ||||