Vlc Media Player

vlc_media_player

Vendor: Videolan • 113 CVEs

CVEs (113)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46814 1Videolan 1Vlc Media Player Nov 21, 2024 Nov 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard...Show more A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.Show less
CVE-2023-47360 1Videolan 1Vlc Media Player May 28, 2026 Nov 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
CVE-2023-47359 1Videolan 1Vlc Media Player May 28, 2026 Nov 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
CVE-2022-41325 2Debian Videolan 2Debian Linux Vlc Media Player Apr 23, 2025 Dec 6, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code u...Show more An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.Show less
CVE-2021-25804 1Videolan 1Vlc Media Player Nov 21, 2024 Jul 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
CVE-2021-25803 1Videolan 1Vlc Media Player Nov 21, 2024 Jul 26, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25802 1Videolan 1Vlc Media Player Nov 21, 2024 Jul 26, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2021-25801 1Videolan 1Vlc Media Player Nov 21, 2024 Jul 26, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
CVE-2020-26664 2Debian Videolan 2Debian Linux Vlc Media Player Nov 21, 2024 Jan 8, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2020-13428 2Debian Videolan 2Debian Linux Vlc Media Player Nov 21, 2024 Jun 8, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application...Show more A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.Show less
CVE-2019-19721 1Videolan 1Vlc Media Player Nov 21, 2024 May 15, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this...Show more An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.Show less
CVE-2013-3564 1Videolan 1Vlc Media Player Nov 21, 2024 Feb 6, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
CVE-2013-3565 2Opensuse Videolan 2Opensuse Vlc Media Player Nov 21, 2024 Jan 31, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/...Show more Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.Show less
CVE-2014-9630 1Videolan 1Vlc Media Player Nov 21, 2024 Jan 24, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attacke...Show more The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.Show less
CVE-2014-9629 1Videolan 1Vlc Media Player Nov 21, 2024 Jan 24, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary co...Show more Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.Show less
CVE-2014-9628 1Videolan 1Vlc Media Player Nov 21, 2024 Jan 24, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequen...Show more The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.Show less
CVE-2014-9627 1Videolan 1Vlc Media Player Nov 21, 2024 Jan 24, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cau...Show more The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.Show less
CVE-2014-9626 1Videolan 1Vlc Media Player Nov 21, 2024 Jan 24, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact...Show more Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.Show less
CVE-2014-9625 1Videolan 1Vlc Media Player Nov 21, 2024 Jan 24, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduc...Show more The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.Show less
CVE-2019-18278 1Videolan 1Vlc Media Player Nov 21, 2024 Oct 23, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security tea...Show more When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.Show less

12 3 4 5 6 Next