Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vlc_media_player
(Videolan)| Repositories | https://git.videolan.org/git/vlc.git |
| #Vulnerabilities | 113 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-08 | CVE-2020-26664 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2021-07-26 | CVE-2021-25801 | A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Vlc_media_player | 7.1 | ||
| 2021-07-26 | CVE-2021-25802 | A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Vlc_media_player | 7.1 | ||
| 2021-07-26 | CVE-2021-25803 | A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Vlc_media_player | 7.1 | ||
| 2021-07-26 | CVE-2021-25804 | A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. | Vlc_media_player | 7.5 | ||
| 2022-12-06 | CVE-2022-41325 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2023-11-07 | CVE-2023-47359 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | Vlc_media_player | 9.8 | ||
| 2023-11-07 | CVE-2023-47360 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | Vlc_media_player | 7.5 | ||
| 2023-11-22 | CVE-2023-46814 | A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM. | Vlc_media_player | 7.8 | ||
| 2013-07-10 | CVE-2013-3245 | plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is... | Vlc_media_player | N/A |