VideoLAN VLC Media Player vulnerabilities
135 known vulnerabilities affecting videolan/vlc_media_player.
Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44
Vulnerabilities
Page 4 of 7
CVE-2014-9625 | P3 | HIGH | CVSS 7.8 | CWE-120 | fixed in 2.1.6 | 2020-01-24
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
nvd
CVE-2012-5470 | P4 | MEDIUM | CVSS 4.3 | CWE-119 | PoC | v2.0.3 | 2012-10-26
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
nvd, osv
CVE-2024-46461 | P3 | HIGH | CVSS 8.0 | ≥ 0, < 3.0.21-0+deb11u1 | ≥ 0, < 3.0.21-0+deb12u1 | +1 more | 2024-09-25
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.
osv
CVE-2023-47360 | P3 | HIGH | CVSS 7.5 | CWE-191 | fixed in 3.0.20 | 2023-11-07
VideoLAN VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.
nvd, osv
CVE-2017-17670 | P3 | HIGH | CVSS 8.8 | CWE-416 | ≤ 2.2.8 | 2017-12-15
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
nvd, osv
CVE-2012-2396 | P4 | MEDIUM | CVSS 4.3 | PoC | v2.0.1 | 2012-04-19
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
nvd
CVE-2014-9629 | P3 | HIGH | CVSS 7.8 | CWE-120 | fixed in 2.1.6 | ≥ 2.2.0, < 2.2.1 | 2020-01-24
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
nvd, osv
CVE-2020-6079 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger th
osv
CVE-2020-6077 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an m
osv
CVE-2020-6080 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger th
osv
CVE-2011-1087 | P3 | HIGH | CVSS 7.6 | CWE-119 | v1.0.5 | 2011-05-03
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
nvd, osv
CVE-2010-1444 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.0.5 | v0.5.0 | +42 more | 2014-12-26
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
nvd, osv
CVE-2020-6078 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service
osv
CVE-2014-9628 | P3 | HIGH | CVSS 7.8 | CWE-120 | fixed in 2.1.6 | 2020-01-24
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
nvd, osv
CVE-2019-5439 | P3 | MEDIUM | CVSS 6.5 | CWE-120 | fixed in 3.0.7 | vFixed in 3.0.7 | 2019-06-13
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
nvd, osv
CVE-2019-14970 | P3 | HIGH | CVSS 7.8 | CWE-787 | v3.0.7.1 | 2019-08-29
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
nvd, osv
CVE-2019-14438 | P3 | HIGH | CVSS 7.8 | CWE-125 | v3.0.7.1 | 2019-08-29
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
nvd, osv
CVE-2020-6073 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
osv
CVE-2018-11516 | P3 | HIGH | CVSS 8.8 | CWE-416 | v3.0.0 | v3.0.1 | 2018-05-28
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
nvd, osv
CVE-2010-1441 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.0.5 | v0.5.0 | +42 more | 2014-12-26
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
nvd, osv