Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vlc_media_player
(Videolan)Repositories | https://git.videolan.org/git/vlc.git |
#Vulnerabilities | 113 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-08-29 | CVE-2019-14498 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | Debian_linux, Vlc_media_player | 7.8 | ||
2019-08-29 | CVE-2019-14438 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | Debian_linux, Vlc_media_player | 7.8 | ||
2019-08-29 | CVE-2019-14437 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | Debian_linux, Vlc_media_player | 7.8 | ||
2020-02-06 | CVE-2013-3564 | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | Vlc_media_player | N/A | ||
2020-01-24 | CVE-2014-9630 | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | Vlc_media_player | N/A | ||
2020-01-24 | CVE-2014-9629 | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | Vlc_media_player | N/A | ||
2020-01-24 | CVE-2014-9628 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | Vlc_media_player | N/A | ||
2020-01-24 | CVE-2014-9627 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. | Vlc_media_player | N/A | ||
2020-01-24 | CVE-2014-9626 | Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. | Vlc_media_player | N/A | ||
2020-01-24 | CVE-2014-9625 | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. | Vlc_media_player | N/A |