Filtered by vendor Videolan
Subscribe
Total
122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11529 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2019-03-21 | 6.8 MEDIUM | 8.0 HIGH |
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | |||||
CVE-2017-8312 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2018-10-17 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | |||||
CVE-2007-3468 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | 7.8 HIGH | N/A |
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. | |||||
CVE-2007-3467 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | 7.8 HIGH | N/A |
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. | |||||
CVE-2007-3316 | 1 Videolan | 1 Vlc Media Player | 2018-10-16 | 9.3 HIGH | N/A |
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | |||||
CVE-2008-0984 | 2 Miro, Videolan | 2 Miro Player, Vlc Media Player | 2018-10-15 | 9.3 HIGH | N/A |
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. | |||||
CVE-2007-6262 | 1 Videolan | 1 Vlc Media Player | 2018-10-15 | 6.8 MEDIUM | N/A |
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." | |||||
CVE-2008-5276 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. | |||||
CVE-2008-5036 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. | |||||
CVE-2008-5032 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | |||||
CVE-2008-4654 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. | |||||
CVE-2008-4558 | 1 Videolan | 1 Vlc Media Player | 2018-10-11 | 6.8 MEDIUM | N/A |
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. | |||||
CVE-2008-2430 | 2 Microsoft, Videolan | 2 Windows Nt, Vlc Media Player | 2018-10-11 | 9.3 HIGH | N/A |
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | |||||
CVE-2010-3276 | 1 Videolan | 1 Vlc Media Player | 2018-10-10 | 9.3 HIGH | N/A |
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. | |||||
CVE-2010-3275 | 1 Videolan | 1 Vlc Media Player | 2018-10-10 | 9.3 HIGH | N/A |
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." | |||||
CVE-2015-5949 | 1 Videolan | 1 Vlc Media Player | 2018-10-09 | 6.8 MEDIUM | N/A |
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. | |||||
CVE-2017-8311 | 1 Videolan | 1 Vlc Media Player | 2018-04-26 | 6.8 MEDIUM | 7.8 HIGH |
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. | |||||
CVE-2012-1776 | 1 Videolan | 1 Vlc Media Player | 2018-01-05 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream. | |||||
CVE-2012-1775 | 1 Videolan | 1 Vlc Media Player | 2017-12-13 | 9.3 HIGH | N/A |
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream. | |||||
CVE-2012-2396 | 1 Videolan | 1 Vlc Media Player | 2017-12-12 | 4.3 MEDIUM | N/A |
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. |