cbcvebase.

Videolan Vlc Media Player vulnerabilities

135 known vulnerabilities affecting videolan/vlc_media_player.

Total CVEs
135
CISA KEV
0
Public exploits
40
Exploited in wild
0
Severity breakdown
CRITICAL32HIGH59MEDIUM44

Vulnerabilities

Page 6 of 7
CVE-2013-3245P4MEDIUMCVSS 6.3v2.0.72013-07-10
CVE-2013-3245 [MEDIUM] CWE-119 CVE-2013-3245: plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, all plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor
nvdosv
CVE-2017-9300P4HIGHCVSS 7.8≤ 2.2.42017-05-29
CVE-2017-9300 [HIGH] CWE-119 CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
nvdosv
CVE-2012-3377P4MEDIUMCVSS 6.8≤ 2.0.1v0.1.99a+97 more2012-07-12
CVE-2012-3377 [MEDIUM] CWE-119 CVE-2012-3377: Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
nvdosv
CVE-2013-4388P4MEDIUMCVSS 6.8≤ 2.0.7v2.0.0+6 more2013-10-11
CVE-2013-4388 [MEDIUM] CWE-119 CVE-2013-4388: Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Playe Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
nvdosv
CVE-2011-2587P4MEDIUMCVSS 6.8v1.1.0v1.1.1+12 more2011-07-27
CVE-2011-2587 [MEDIUM] CWE-119 CVE-2011-2587: Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in Vide Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
nvdosv
CVE-2011-2588P4MEDIUMCVSS 6.8≤ 1.1.10.1v0.1.99b+72 more2011-07-27
CVE-2011-2588 [MEDIUM] CWE-119 CVE-2011-2588: Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in Vide Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
nvdosv
CVE-2011-1931P4MEDIUMCVSS 6.8≤ 1.1.9v0.1.99b+70 more2011-07-07
CVE-2011-1931 [MEDIUM] CWE-119 CVE-2011-1931: sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0. sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media player 1.1.9 and earlier and other products, performs a write operation outside the bounds of an unspecified array, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arb
nvd
CVE-2014-9626P4HIGHCVSS 7.8fixed in 2.1.62020-01-24
CVE-2014-9626 [HIGH] CWE-191 CVE-2014-9626: Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC m Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
nvdosv
CVE-2014-9627P4HIGHCVSS 7.8fixed in 2.1.62020-01-24
CVE-2014-9627 [HIGH] CWE-704 CVE-2014-9627: The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2. The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.
nvdosv
CVE-2017-9301P4HIGHCVSS 7.8≤ 2.2.42017-05-29
CVE-2017-9301 [HIGH] CWE-125 CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote at plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
nvdosv
CVE-2019-5459P4HIGHCVSS 7.1fixed in 3.0.7vFixed in 3.0.72019-07-30
CVE-2019-5459 [HIGH] CWE-191 CVE-2019-5459: An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
nvdosv
CVE-2013-3564P4MEDIUMCVSS 5.3fixed in 2.0.72020-02-06
CVE-2013-3564 [MEDIUM] CWE-200 CVE-2013-3564: The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remot The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
nvdosv
CVE-2021-25801P4HIGHCVSS 7.1v3.0.112021-07-26
CVE-2021-25801 [HIGH] CWE-125 CVE-2021-25801: A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 al A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
nvdosv
CVE-2007-6683P4MEDIUMCVSS 5.0≥ 0, < 0.8.6.c-4.12008-01-17
CVE-2007-6683 [MEDIUM] CVE-2007-6683: The browser plugin in VideoLAN VLC 0 The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
osv
CVE-2021-25803P4HIGHCVSS 7.1v3.0.112021-07-26
CVE-2021-25803 [HIGH] CWE-190 CVE-2021-25803: A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Play A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
nvdosv
CVE-2021-25802P4HIGHCVSS 7.1v3.0.112021-07-26
CVE-2021-25802 [HIGH] CWE-125 CVE-2021-25802: A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3. A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
nvdosv
CVE-2013-3565P4MEDIUMCVSS 6.1fixed in 2.0.72020-01-31
CVE-2013-3565 [MEDIUM] CWE-79 CVE-2013-3565: Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Play Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lu
nvdosv
CVE-2007-3467P4HIGHCVSS 7.8≤ 0.8.6b2007-06-27
CVE-2007-3467 [HIGH] CVE-2007-3467: Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
nvdosv
CVE-2007-3468P4HIGHCVSS 7.8≤ 0.8.6b2007-06-27
CVE-2007-3468 [HIGH] CVE-2007-3468: input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of serv input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
nvdosv
CVE-2008-1768P4MEDIUMCVSS 6.8≥ 0, < 0.8.6.e-2.12008-04-25
CVE-2008-1768 [MEDIUM] CVE-2008-1768: Multiple integer overflows in VLC before 0 Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.
osv
Videolan Vlc Media Player vulnerabilities | cvebase