VideoLAN VLC Media Player vulnerabilities
135 known vulnerabilities affecting videolan/vlc_media_player.
Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44
Vulnerabilities
Page 5 of 7
CVE-2010-1442 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.0.5, v0.5.0, +42 more | 2014-12-26
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
nvd, osv
CVE-2020-6071 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 3.0.8-4 | 2020-03-24
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulne
osv
CVE-2019-14437 | P3 | HIGH | CVSS 7.8 | CWE-125 | v3.0.7.1 | 2019-08-29
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
nvd, osv
CVE-2010-1445 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.0.5, v0.5.0, +42 more | 2014-12-26
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
nvd, osv
CVE-2020-13428 | P3 | HIGH | CVSS 7.8 | CWE-787 | fixed in 3.0.11 | 2020-06-08
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
nvd, osv
CVE-2019-13602 | P3 | HIGH | CVSS 7.8 | CWE-191 | ≤ 3.0.7.1 | 2019-07-14
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
nvd, osv
CVE-2020-26664 | P3 | HIGH | CVSS 7.8 | CWE-787 | fixed in 3.0.12 | 2021-01-08
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
nvd, osv
CVE-2019-14498 | P3 | HIGH | CVSS 7.8 | CWE-369 | v3.0.7.1 | 2019-08-29
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
nvd, osv
CVE-2019-14776 | P3 | HIGH | CVSS 7.8 | CWE-125 | v3.0.7.1 | 2019-08-29
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
nvd, osv
CVE-2019-14533 | P3 | HIGH | CVSS 7.8 | CWE-416 | v3.0.7.1 | 2019-08-29
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
nvd, osv
CVE-2019-18278 | P3 | HIGH | CVSS 7.8 | v3.0.8 | 2019-10-23
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
nvd
CVE-2013-1954 | P4 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 2.0.5, v2.0.0, +4 more | 2013-07-10
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
nvd, osv
CVE-2014-9630 | P4 | HIGH | CVSS 7.8 | CWE-119 | fixed in 2.1.6 | 2020-01-24
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
nvd, osv
CVE-2019-14535 | P4 | HIGH | CVSS 7.8 | CWE-369 | v3.0.7.1 | 2019-08-29
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
nvd, osv
CVE-2019-14777 | P4 | HIGH | CVSS 7.8 | CWE-416 | v3.0.7.1 | 2019-08-29
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
nvd, osv
CVE-2019-19721 | P4 | HIGH | CVSS 7.8 | CWE-193 | fixed in 3.0.9 | 2020-05-15
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
nvd, osv
CVE-2022-41325 | P4 | HIGH | CVSS 7.8 | CWE-190 | ≤ 3.0.17.4 | 2022-12-06
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
nvd, osv
CVE-2011-1684 | P4 | MEDIUM | CVSS 6.8 | CWE-119 | v1.0.0, v1.0.1, +15 more | 2011-05-03
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
nvd, osv
CVE-2019-14778 | P4 | HIGH | CVSS 7.8 | CWE-416 | v3.0.7.1 | 2019-08-29
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
nvd, osv
CVE-2021-25804 | P4 | HIGH | CVSS 7.5 | CWE-476 | v3.0.11 | 2021-07-26
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the application.
nvd, osv