VideoLAN VLC Media Player vulnerabilities

135 known vulnerabilities affecting videolan/vlc_media_player.

Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44

Vulnerabilities

Page 3 of 7
CVE-2019-5460 | MEDIUM | CVSS 5.5 | ≤ 3.0.6; vFixed in 3.0.7 | 2019-07-30
CWE-415: Double Free in VLC versions <= 3.0.6 leads to a crash.
cvelistv5, nvd, osv
CVE-2019-13962 | CRITICAL | CVSS 9.8 | ≤ 3.0.7 | 2019-07-18
CWE-125: lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
nvd, osv
CVE-2019-13615 | MEDIUM | CVSS 5.5 | fixed in 3.0.3 | 2019-07-16
CWE-125: libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
nvd
CVE-2019-13602 | HIGH | CVSS 7.8 | ≤ 3.0.7.1 | 2019-07-14
CWE-191: An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
nvd, osv
CVE-2019-12874 | CRITICAL | CVSS 9.8 | ≥ 3.0.0, ≤ 3.0.7 | 2019-06-18
CWE-415: An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
nvd, osv
CVE-2019-5439 | MEDIUM | CVSS 6.5 | fixed in 3.0.7; vFixed in 3.0.7 | 2019-06-13
CWE-120: A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
cvelistv5, nvd, osv
CVE-2018-19857 | CRITICAL | CVSS 9.1 | v3.0.4 | 2018-12-05
CWE-824: The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
nvd, osv
CVE-2018-11529 | HIGH | CVSS 8.0 | PoC | ≤ 2.2.8 | 2018-07-11
CWE-416: VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
nvd, osv
CVE-2018-11516 | HIGH | CVSS 8.8 | v3.0.0; v3.0.1 | 2018-05-28
CWE-416: The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
nvd, osv
CVE-2017-17670 | HIGH | CVSS 8.8 | ≤ 2.2.8 | 2017-12-15
CWE-416: In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
nvd, osv
CVE-2017-10699 | CRITICAL | CVSS 9.8 | v2.2.0; v2.2.1; +7 more | 2017-06-30
CWE-787: avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
nvd, osv
CVE-2017-9300 | HIGH | CVSS 7.8 | ≤ 2.2.4 | 2017-05-29
CWE-119: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
nvd, osv
CVE-2017-9301 | HIGH | CVSS 7.8 | ≤ 2.2.4 | 2017-05-29
CWE-125: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
nvd, osv
CVE-2017-8311 | HIGH | CVSS 7.8 | PoC | ≤ 2.2.4 | 2017-05-23
CWE-119: Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
nvd, osv
CVE-2017-8312 | MEDIUM | CVSS 5.5 | fixed in 2.2.6 | 2017-05-23
CWE-125: Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
nvd, osv
CVE-2017-8310 | MEDIUM | CVSS 5.5 | v2.2.0; v2.2.1; +4 more | 2017-05-23
CWE-125: Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
nvd, osv
CVE-2017-8313 | MEDIUM | CVSS 5.5 | ≤ 2.2.4 | 2017-05-23
CWE-125: Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
nvd, osv
CVE-2014-6440 | CRITICAL | CVSS 9.8 | ≥ 0, < 2.1.5-1 | 2017-03-28
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
osv
CVE-2016-5108 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.2.3 | 2016-06-08
CWE-119: Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
nvd, osv
CVE-2016-3941 | MEDIUM | CVSS 5.5 | ≤ 2.1.6 | 2016-04-18
CWE-119: Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
nvd, osv