Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vlc_media_player
(Videolan)| Repositories | https://git.videolan.org/git/vlc.git |
| #Vulnerabilities | 113 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-07-10 | CVE-2013-3245 | plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is... | Vlc_media_player | N/A | ||
| 2015-01-21 | CVE-2014-9597 | The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. | Vlc_media_player | N/A | ||
| 2015-01-21 | CVE-2014-9598 | The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file. | Vlc_media_player | N/A | ||
| 2023-11-07 | CVE-2023-47359 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | Vlc_media_player | 9.8 | ||
| 2023-11-07 | CVE-2023-47360 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | Vlc_media_player | 7.5 | ||
| 2023-11-22 | CVE-2023-46814 | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | Vlc_media_player | 7.8 | ||
| 2008-10-22 | CVE-2008-4686 | Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. | Vlc_media_player | N/A | ||
| 2008-10-22 | CVE-2008-4654 | Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. | Vlc_media_player | N/A | ||
| 2008-11-10 | CVE-2008-5032 | Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | Vlc_media_player | N/A | ||
| 2008-11-10 | CVE-2008-5036 | Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. | Vlc_media_player | N/A |