VideoLAN VLC Media Player vulnerabilities
135 known vulnerabilities affecting videolan/vlc_media_player.
Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44
Vulnerabilities
Page 1 of 7
CVE-2010-3275 | P2 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | ≤ 1.1.7, v0.1.99b +68 more | 2011-03-28
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
Sources: nvd, osv

CVE-2008-4654 | P2 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | v0.9, v0.9.1 +3 more | 2008-10-22
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Sources: nvd, osv

CVE-2012-1775 | P2 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | ≤ 2.0.0, v0.1.99a +100 more | 2012-03-19
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
Sources: nvd, osv

CVE-2011-0531 | P2 | CRITICAL | CVSS 9.3 | CWE-20 | PoC | ≤ 1.1.6.1, v0.1.99b +67 more | 2011-02-07
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
Sources: nvd, osv

CVE-2016-5108 | P2 | CRITICAL | CVSS 9.8 | CWE-119 | PoC | ≤ 2.2.3 | 2016-06-08
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
Sources: nvd, osv

CVE-2011-0522 | P2 | MEDIUM | CVSS 6.8 | CWE-119 | PoC | v1.1.0, v1.1.1 +5 more | 2011-02-07
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "" in an MKV file, which triggers heap memory corruption, as demonstrated using
Sources: nvd, osv

CVE-2018-11529 | P2 | HIGH | CVSS 8.0 | CWE-416 | PoC | ≤ 2.2.8 | 2018-07-11
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Sources: nvd, osv

CVE-2008-5036 | P3 | CRITICAL | CVSS 9.3 | PoC | v0.9, v0.9.0 +5 more | 2008-11-10
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Sources: nvd, osv

CVE-2007-6682 | P3 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 0.8.6.c-4.1 | 2008-01-17
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Sources: osv

CVE-2009-2484 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | v0.9.9 | 2009-07-16
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
Sources: nvd

CVE-2013-1868 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | ≤ 2.0.4, v2.0.0 +3 more | 2013-07-10
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
Sources: nvd, osv

CVE-2008-0984 | P3 | CRITICAL | CVSS 9.3 | CWE-399 | PoC | ≤ 0.8.6d | 2008-02-26
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Sources: nvd, osv

CVE-2008-0296 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | PoC | ≤ 0.8.6d | 2008-01-16
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
Sources: nvd, osv

CVE-2008-3732 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | PoC | v0.8.6i | 2008-08-20
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Sources: nvd, osv

CVE-2010-3124 | P3 | CRITICAL | CVSS 9.3 | PoC | ≤ 1.1.3, v0.1.99b +63 more | 2010-08-26
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
Sources: nvd

CVE-2011-2194 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | PoC | v0.8.5, v0.8.6 +38 more | 2011-06-24
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
Sources: nvd, osv

CVE-2008-4686 | P3 | CRITICAL | CVSS 9.3 | PoC | v0.9.0, v0.9.1 +3 more | 2008-10-22
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
Sources: nvd, osv

CVE-2008-0295 | P3 | HIGH | CVSS 8.5 | CWE-119 | PoC | ≤ 0.8.6d | 2008-01-16
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
Sources: nvd, osv

CVE-2008-5032 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | PoC | v0.5.0, v0.5.3 +29 more | 2008-11-10
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier,
Sources: nvd, osv

CVE-2007-6681 | P3 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 0.8.6.c-4.1 | 2008-01-17
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Sources: osv