VideoLAN VLC Media Player vulnerabilities
135 known vulnerabilities affecting videolan/vlc_media_player.
Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44
Vulnerabilities
Page 2 of 7
CVE-2013-6283 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 2.0.8, v1.0.0 +31 more | 2013-10-25 | CWE-20
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
nvd, osv
CVE-2017-8311 | P3 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.4 | 2017-05-23 | CWE-119
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
nvd, osv
CVE-2008-3794 | P3 | MEDIUM | CVSS 6.8 | PoC | v0.8.6i | 2008-08-26 | CWE-189
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
nvd, osv
CVE-2014-9598 | P3 | MEDIUM | CVSS 6.8 | PoC | v2.1.5 | 2015-01-21 | CWE-20
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
nvd
CVE-2010-0364 | P3 | CRITICAL | CVSS 9.3 | PoC | v0.8.6 | 2010-01-21 | CWE-119
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
nvd, osv
CVE-2008-1489 | P3 | CRITICAL | CVSS 9.3 | PoC | ≥ 0, < 0.8.6.e-1.1 | 2008-03-25
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
osv
CVE-2008-0073 | P3 | MEDIUM | CVSS 6.8 | PoC | ≥ 0, < 0.8.6.e-2 | 2008-03-24
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
osv
CVE-2008-4558 | P3 | MEDIUM | CVSS 6.8 | PoC | v0.9.2 | 2008-10-15 | CWE-399
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
nvd, osv
CVE-2008-1881 | P3 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 0.8.6.e-2.1 | 2008-04-17
Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.
osv
CVE-2014-9597 | P3 | MEDIUM | CVSS 6.8 | PoC | v2.1.5 | 2015-01-21 | CWE-20
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.
nvd, osv
CVE-2007-0017 | P3 | MEDIUM | CVSS 6.8 | PoC | v0.7.0, v0.7.1 +8 more | 2007-01-03 | CWE-134
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to
nvd, osv
CVE-2007-6262 | P3 | MEDIUM | CVSS 6.8 | PoC | v0.8.6, v0.8.6a +1 more | 2007-12-06 | CWE-119
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
nvd
CVE-2020-6072 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger th
osv
CVE-2007-0256 | P4 | HIGH | CVSS 7.8 | PoC | v0.8.6a | 2007-01-16
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
nvd, osv
CVE-2014-6440 | P3 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.1.5-1 | 2017-03-28
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
osv
CVE-2013-6934 | P3 | HIGH | CVSS 7.5 | fixed in 2.1.0 | 2014-01-23
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: th
nvd
CVE-2008-1769 | P4 | MEDIUM | CVSS 6.8 | PoC | ≥ 0, < 0.8.6.e-2.1 | 2008-04-25
VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
osv
CVE-2010-3276 | P3 | CRITICAL | CVSS 9.3 | ≤ 1.1.7, v0.1.99b +68 more | 2011-03-28 | CWE-119
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
nvd, osv
CVE-2013-6933 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 2.1.4-1 | 2014-01-23
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer ov
osv
CVE-2007-3316 | P3 | CRITICAL | CVSS 9.3 | v0.8.6a, v0.8.6b | 2007-06-21
Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicas
nvd, osv