Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Videolan Subscribe
Filtered by product Vlc Media Player
Total 110 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11516 1 Videolan 1 Vlc Media Player 2023-03-03 6.8 MEDIUM 8.8 HIGH
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
CVE-2019-5460 2 Opensuse, Videolan 3 Backports, Leap, Vlc Media Player 2023-03-03 4.3 MEDIUM 5.5 MEDIUM
Double Free in VLC versions <= 3.0.6 leads to a crash.
CVE-2020-13428 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2023-03-02 6.8 MEDIUM 7.8 HIGH
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
CVE-2020-26664 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2023-02-03 6.8 MEDIUM 7.8 HIGH
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2022-41325 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2022-12-08 N/A 7.8 HIGH
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
CVE-2021-25802 1 Videolan 1 Vlc Media Player 2022-05-03 5.8 MEDIUM 7.1 HIGH
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25803 1 Videolan 1 Vlc Media Player 2022-05-03 5.8 MEDIUM 7.1 HIGH
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25801 1 Videolan 1 Vlc Media Player 2022-05-03 5.8 MEDIUM 7.1 HIGH
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2019-13962 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2022-04-18 7.5 HIGH 9.8 CRITICAL
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
CVE-2019-13602 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more 2022-04-18 6.8 MEDIUM 7.8 HIGH
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
CVE-2019-5459 2 Opensuse, Videolan 4 Backports, Backports Sle, Leap and 1 more 2021-11-03 5.8 MEDIUM 7.1 HIGH
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
CVE-2021-25804 1 Videolan 1 Vlc Media Player 2021-08-03 5.0 MEDIUM 7.5 HIGH
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
CVE-2019-19721 1 Videolan 1 Vlc Media Player 2021-07-21 6.8 MEDIUM 7.8 HIGH
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
CVE-2019-14437 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-24 6.8 MEDIUM 7.8 HIGH
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
CVE-2019-18278 2 Microsoft, Videolan 2 Windows, Vlc Media Player 2020-08-24 4.6 MEDIUM 7.8 HIGH
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
CVE-2019-14970 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-24 6.8 MEDIUM 7.8 HIGH
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2019-13615 1 Videolan 1 Vlc Media Player 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
CVE-2019-14533 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14535 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
CVE-2019-14438 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2020-08-18 6.8 MEDIUM 7.8 HIGH
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.