Vlc Media Player

vlc_media_player

Vendor: Videolan • 113 CVEs

CVEs (113)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-17670 2Debian Videolan 2Debian Linux Vlc Media Player May 13, 2026 Dec 15, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a rea...Show more In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.Show less
CVE-2017-10699 1Videolan 1Vlc Media Player May 13, 2026 Jun 30, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possi...Show more avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.Show less
CVE-2017-9301 1Videolan 1Vlc Media Player May 13, 2026 May 29, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via...Show more plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2017-9300 1Videolan 1Vlc Media Player May 13, 2026 May 29, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLA...Show more plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.Show less
CVE-2017-8313 1Videolan 1Vlc Media Player May 13, 2026 May 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles f...Show more Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.Show less
CVE-2017-8312 2Debian Videolan 2Debian Linux Vlc Media Player May 13, 2026 May 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
CVE-2017-8311 1Videolan 1Vlc Media Player May 13, 2026 May 23, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
CVE-2017-8310 1Videolan 1Vlc Media Player May 13, 2026 May 23, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of s...Show more Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.Show less
CVE-2016-5108 2Debian Videolan 2Debian Linux Vlc Media Player May 6, 2026 Jun 8, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cr...Show more Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.Show less
CVE-2016-3941 2Canonical Videolan 2Ubuntu Linux Vlc Media Player May 6, 2026 Apr 18, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across E...Show more Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."Show less
CVE-2015-5949 1Videolan 1Vlc Media Player May 6, 2026 Aug 25, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
CVE-2014-9743 1Videolan 1Vlc Media Player May 6, 2026 Aug 17, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML vi...Show more Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.Show less
CVE-2014-9598 1Videolan 1Vlc Media Player May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
CVE-2014-9597 1Videolan 1Vlc Media Player May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafte...Show more The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.Show less
CVE-2011-3623 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/as...Show more Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.Show less
CVE-2010-2062 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers...Show more Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.Show less
CVE-2010-1445 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP sessio...Show more Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.Show less
CVE-2010-1444 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted a...Show more The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.Show less
CVE-2010-1443 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and appl...Show more The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.Show less
CVE-2010-1442 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) A...Show more VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.Show less

Previous 1 234 5 6 Next