Filtered by vendor Videolan
Subscribe
Total
122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0023 | 1 Videolan | 1 Vlc Media Player | 2017-11-29 | 9.3 HIGH | N/A |
| Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. | |||||
| CVE-2017-10699 | 1 Videolan | 1 Vlc Media Player | 2017-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. | |||||
| CVE-2017-9300 | 1 Videolan | 1 Vlc Media Player | 2017-11-22 | 6.8 MEDIUM | 7.8 HIGH |
| plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | |||||
| CVE-2017-8313 | 1 Videolan | 1 Vlc Media Player | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | |||||
| CVE-2017-8310 | 1 Videolan | 1 Vlc Media Player | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | |||||
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2017-10-10 | 7.8 HIGH | N/A |
| VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | |||||
| CVE-2007-0017 | 1 Videolan | 1 Vlc Media Player | 2017-10-10 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | |||||
| CVE-2009-1045 | 1 Videolan | 1 Vlc Media Player | 2017-09-28 | 5.0 MEDIUM | N/A |
| requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. | |||||
| CVE-2008-4686 | 1 Videolan | 1 Vlc Media Player | 2017-09-28 | 9.3 HIGH | N/A |
| Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. | |||||
| CVE-2008-3794 | 1 Videolan | 1 Vlc Media Player | 2017-09-28 | 6.8 MEDIUM | N/A |
| Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. | |||||
| CVE-2008-3732 | 1 Videolan | 1 Vlc Media Player | 2017-09-28 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1769 | 1 Videolan | 1 Vlc | 2017-09-28 | 6.8 MEDIUM | N/A |
| VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. | |||||
| CVE-2007-6681 | 1 Videolan | 1 Vlc | 2017-09-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | |||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2017-09-28 | 7.5 HIGH | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||||
| CVE-2007-6683 | 1 Videolan | 1 Vlc | 2017-09-28 | 5.0 MEDIUM | N/A |
| The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | |||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2017-09-28 | 5.0 MEDIUM | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||||
| CVE-2008-0295 | 1 Videolan | 1 Vlc Media Player | 2017-09-28 | 8.5 HIGH | N/A |
| Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. | |||||
| CVE-2008-0296 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2017-09-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | |||||
| CVE-2008-1489 | 1 Videolan | 1 Vlc | 2017-09-28 | 6.8 MEDIUM | N/A |
| Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. | |||||
| CVE-2008-1768 | 1 Videolan | 1 Vlc | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. | |||||