Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vlc_media_player
(Videolan)| Repositories | https://git.videolan.org/git/vlc.git |
| #Vulnerabilities | 113 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-29 | CVE-2019-14776 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14535 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14534 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | Debian_linux, Vlc_media_player | 5.5 | ||
| 2019-08-29 | CVE-2019-14533 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14498 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14438 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14437 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2020-02-06 | CVE-2013-3564 | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | Vlc_media_player | N/A | ||
| 2020-01-24 | CVE-2014-9630 | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | Vlc_media_player | N/A | ||
| 2020-01-24 | CVE-2014-9629 | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | Vlc_media_player | N/A |