Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Videolan Subscribe
Total 122 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7810 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2020-08-18 3.3 LOW 4.7 MEDIUM
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
CVE-2019-14778 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14535 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
CVE-2019-14777 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14533 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14498 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
CVE-2013-3564 1 Videolan 1 Vlc Media Player 2020-02-12 5.0 MEDIUM 5.3 MEDIUM
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
CVE-2013-3565 2 Opensuse, Videolan 2 Opensuse, Vlc Media Player 2020-02-03 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
CVE-2014-9627 1 Videolan 1 Vlc Media Player 2020-01-29 6.8 MEDIUM 7.8 HIGH
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.
CVE-2014-9626 1 Videolan 1 Vlc Media Player 2020-01-29 6.8 MEDIUM 7.8 HIGH
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
CVE-2014-9628 1 Videolan 1 Vlc Media Player 2020-01-29 6.8 MEDIUM 7.8 HIGH
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
CVE-2014-9625 1 Videolan 1 Vlc Media Player 2020-01-29 6.8 MEDIUM 7.8 HIGH
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
CVE-2014-9629 1 Videolan 1 Vlc Media Player 2020-01-29 6.8 MEDIUM 7.8 HIGH
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
CVE-2014-9630 1 Videolan 1 Vlc Media Player 2020-01-29 6.8 MEDIUM 7.8 HIGH
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
CVE-2018-19937 1 Videolan 1 Vlc For Mobile 2019-10-02 4.6 MEDIUM 6.6 MEDIUM
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
CVE-2013-6934 2 Live555, Videolan 2 Streaming Media, Vlc Media Player 2019-09-12 7.5 HIGH N/A
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
CVE-2018-19857 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2019-07-25 6.4 MEDIUM 9.1 CRITICAL
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
CVE-2019-12874 1 Videolan 1 Vlc Media Player 2019-06-25 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVE-2019-5439 1 Videolan 1 Vlc Media Player 2019-06-17 4.3 MEDIUM 6.5 MEDIUM
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVE-2017-17670 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2019-04-26 6.8 MEDIUM 8.8 HIGH
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.