Product:

Vlc_media_player

(Videolan)
Repositories https://git.videolan.org/git/vlc.git
#Vulnerabilities 113
Date Id Summary Products Score Patch Annotated
2019-08-29 CVE-2019-14776 A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. Debian_linux, Vlc_media_player 7.8
2019-08-29 CVE-2019-14535 A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. Debian_linux, Vlc_media_player 7.8
2019-08-29 CVE-2019-14534 In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. Debian_linux, Vlc_media_player 5.5
2019-08-29 CVE-2019-14533 The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. Debian_linux, Vlc_media_player 7.8
2019-08-29 CVE-2019-14498 A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. Debian_linux, Vlc_media_player 7.8
2019-08-29 CVE-2019-14438 A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. Debian_linux, Vlc_media_player 7.8
2019-08-29 CVE-2019-14437 The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. Debian_linux, Vlc_media_player 7.8
2020-02-06 CVE-2013-3564 The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. Vlc_media_player N/A
2020-01-24 CVE-2014-9630 The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. Vlc_media_player N/A
2020-01-24 CVE-2014-9629 Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. Vlc_media_player N/A