cvebase

VideoLAN VLC Media Player vulnerabilities

135 known vulnerabilities affecting videolan/vlc_media_player.

Total CVEs: 135
CISA KEV: 0
Public exploits: 40
Exploited in wild: 0
Severity breakdown: CRITICAL 32, HIGH 59, MEDIUM 44

Vulnerabilities

Page 7 of 7
CVE-2025-51602 | P4 | MEDIUM | CVSS 4.8 | fixed in 3.0.22 | 2026-01-16
CWE-125: mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.
Sources: nvd, osv
CVE-2019-13615 | P4 | MEDIUM | CVSS 5.5 | fixed in 3.0.3 | 2019-07-16
CWE-125: libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
Sources: nvd
CVE-2017-8312 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.2.6 | 2017-05-23
CWE-125: Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
Sources: nvd, osv
CVE-2019-5460 | P4 | MEDIUM | CVSS 5.5 | ≤ 3.0.6, fixed in 3.0.7 | 2019-07-30
CWE-415: Double Free in VLC versions <= 3.0.6 leads to a crash.
Sources: nvd, osv
CVE-2016-3941 | P4 | MEDIUM | CVSS 5.5 | ≤ 2.1.6 | 2016-04-18
CWE-119: Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
Sources: nvd, osv
CVE-2010-1443 | P4 | MEDIUM | CVSS 5.0 | ≤ 1.0.5, v0.5.0, +42 more | 2014-12-26
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
Sources: nvd, osv
CVE-2014-9743 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.1.6 | 2015-08-17
CWE-79: Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Sources: nvd, osv
CVE-2019-14534 | P4 | MEDIUM | CVSS 5.5 | v3.0.7.1 | 2019-08-29
CWE-476: In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
Sources: nvd, osv
CVE-2007-6684 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 0.8.6.c-4.1 | 2008-01-17
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
Sources: osv
CVE-2017-8313 | P4 | MEDIUM | CVSS 5.5 | ≤ 2.2.4 | 2017-05-23
CWE-125: Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
Sources: nvd, osv
CVE-2010-2937 | P4 | MEDIUM | CVSS 5.0 | v0.9.0, v0.9.1, +20 more | 2010-08-20
CWE-20: The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.
Sources: nvd, osv
CVE-2017-8310 | P4 | MEDIUM | CVSS 5.5 | v2.2.0, v2.2.1, +4 more | 2017-05-23
CWE-125: Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
Sources: nvd, osv
CVE-2013-7340 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.0.6, v0.1.99a, +103 more | 2014-03-21
CWE-399: VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
Sources: nvd, osv
CVE-2012-5855 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.0.4, v2.0.0, +3 more | 2013-07-10
CWE-189: The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exp
Sources: nvd
CVE-2008-2147 | P4 | MEDIUM | CVSS 4.6 | ≥ 0, < 0.8.6.e-2.2 | 2008-05-12
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.
Sources: osv