Vlc Media Player

vlc_media_player

Vendor: Videolan • 113 CVEs

CVEs (113)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-1441 1Videolan 1Vlc Media Player May 6, 2026 Dec 26, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (...Show more Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.Show less
CVE-2014-3441 1Videolan 1Vlc Media Player May 6, 2026 May 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
CVE-2013-7340 1Videolan 1Vlc Media Player May 6, 2026 Mar 21, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
CVE-2014-1684 1Videolan 1Vlc Media Player Apr 29, 2026 Mar 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash)...Show more The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.Show less
CVE-2013-6934 2Live555 Videolan 2Streaming Media Vlc Media Player Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...Show more The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.Show less
CVE-2013-6283 1Videolan 1Vlc Media Player Apr 29, 2026 Oct 25, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
CVE-2013-4388 1Videolan 1Vlc Media Player Apr 29, 2026 Oct 11, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unsp...Show more Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.Show less
CVE-2013-3245 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 10, 2013 N/A· v4 6.3 MEDIUM· v3 6.8 MEDIUM· v2 plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, po...Show more plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flowShow less
CVE-2013-1954 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that trigg...Show more The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.Show less
CVE-2013-1868 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTM...Show more Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.Show less
CVE-2012-5855 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calc...Show more The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.Show less
CVE-2012-0023 1Videolan 1Vlc Media Player Apr 29, 2026 Oct 30, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra...Show more Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.Show less
CVE-2012-5470 1Videolan 1Vlc Media Player Apr 29, 2026 Oct 26, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
CVE-2012-3377 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 12, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and...Show more Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.Show less
CVE-2012-2396 1Videolan 1Vlc Media Player Apr 29, 2026 Apr 19, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
CVE-2012-1776 1Videolan 1Vlc Media Player Apr 29, 2026 Mar 19, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
CVE-2012-1775 1Videolan 1Vlc Media Player Apr 29, 2026 Mar 19, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
CVE-2012-0904 1Videolan 1Vlc Media Player Apr 29, 2026 Jan 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
CVE-2011-2588 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 27, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly...Show more Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.Show less
CVE-2011-2587 1Videolan 1Vlc Media Player Apr 29, 2026 Jul 27, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or po...Show more Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.Show less

Previous 1 2 345 6 Next