VideoLAN VLC Media Player vulnerabilities
135 known vulnerabilities affecting videolan/vlc_media_player.
Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44
Vulnerabilities
Page 3 of 7
CVE-2009-1045 | P4 | MEDIUM | CVSS 5.0 | CWE-20 | PoC | v0.9.8a | 2009-03-23
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
nvd, osv
CVE-2023-47359 | P3 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 3.0.20 | 2023-11-07
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
nvd, osv
CVE-2008-5276 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | v0.9.0, v0.9.1, +7 more | 2008-12-03
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
nvd, osv
CVE-2019-13962 | P3 | CRITICAL | CVSS 9.8 | CWE-125 | ≤ 3.0.7 | 2019-07-18
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
nvd, osv
CVE-2008-2430 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | v0.8.6h | 2008-07-07
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
nvd, osv
CVE-2010-2062 | P3 | HIGH | CVSS 7.5 | CWE-189 | ≤ 1.0.0, v0.5.0, +37 more | 2014-12-26
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
nvd, osv
CVE-2014-1684 | P4 | MEDIUM | CVSS 4.3 | CWE-189 | PoC | ≤ 2.1.2, v1.0.0, +35 more | 2014-03-03
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
nvd, osv
CVE-2011-3623 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.0.1, v0.5.0, +38 more | 2014-12-26
Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP
nvd, osv
CVE-2017-10699 | P3 | CRITICAL | CVSS 9.8 | CWE-787 | v2.2.0, v2.2.1, +7 more | 2017-06-30
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
nvd, osv
CVE-2012-1776 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 2.0.0, v0.1.99a, +100 more | 2012-03-19
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
nvd, osv
CVE-2019-12874 | P3 | CRITICAL | CVSS 9.8 | CWE-415 | ≥ 3.0.0, ≤ 3.0.7 | 2019-06-18
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
nvd, osv
CVE-2012-0904 | P4 | MEDIUM | CVSS 4.3 | CWE-399 | PoC | v1.1.11 | 2012-01-20
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
nvd
CVE-2018-19857 | P3 | CRITICAL | CVSS 9.1 | CWE-824 | v3.0.4 | 2018-12-05
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
nvd, osv
CVE-2023-46814 | P3 | HIGH | CVSS 7.8 | CWE-427 | fixed in 3.0.19 | 2023-11-22
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
nvd
CVE-2011-0021 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 1.1.5, v0.1.99b, +65 more | 2011-01-25
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
nvd, osv
CVE-2012-0023 | P3 | CRITICAL | CVSS 9.3 | CWE-399 | v0.9.0, v0.9.1, +32 more | 2012-10-30
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
nvd, osv
CVE-2015-5949 | P3 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 2.2.1 | 2015-08-25
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
nvd, osv
CVE-2005-4048 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 0.8.4.debian-2 | 2005-12-07
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
osv
CVE-2010-3907 | P3 | CRITICAL | CVSS 9.3 | CWE-189 | ≤ 1.1.5, v0.1.99b, +65 more | 2011-01-03
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
nvd, osv
CVE-2014-3441 | P4 | MEDIUM | CVSS 4.3 | CWE-119 | PoC | v2.1.3 | 2014-05-14
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
nvd