Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vlc_media_player
(Videolan)| Repositories | https://git.videolan.org/git/vlc.git |
| #Vulnerabilities | 113 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-14 | CVE-2019-13602 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player | 7.8 | ||
| 2019-07-18 | CVE-2019-13962 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player | 9.8 | ||
| 2020-01-31 | CVE-2013-3565 | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | Opensuse, Vlc_media_player | 6.1 | ||
| 2020-05-15 | CVE-2019-19721 | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | Vlc_media_player | 7.8 | ||
| 2018-05-28 | CVE-2018-11516 | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | Vlc_media_player | 8.8 | ||
| 2019-07-30 | CVE-2019-5460 | Double Free in VLC versions <= 3.0.6 leads to a crash. | Backports, Leap, Vlc_media_player | 5.5 | ||
| 2019-07-30 | CVE-2019-5459 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | Backports, Backports_sle, Leap, Vlc_media_player | 7.1 | ||
| 2019-08-29 | CVE-2019-14970 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14778 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | Debian_linux, Vlc_media_player | 7.8 | ||
| 2019-08-29 | CVE-2019-14777 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | Debian_linux, Vlc_media_player | 7.8 |