Videolan Vlc_media_player
55 CVEs affecting Videolan Vlc_media_player. Latest disclosed: 2023-11-07. Critical: 3, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-47359 | Critical | 9.8 | 2023-11-07 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memo… |
| CVE-2017-10699 | Critical | 9.8 | 2017-06-30 | avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size… |
| CVE-2016-5108 | Critical | 9.8 | 2016-06-08 | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial o… |
| CVE-2017-17670 | High | 8.8 | 2017-12-15 | In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid… |
| CVE-2017-9301 | High | 7.8 | 2017-05-29 | plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and appl… |
| CVE-2017-9300 | High | 7.8 | 2017-05-29 | plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash… |
| CVE-2017-8311 | High | 7.8 | 2017-05-23 | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute ar… |
| CVE-2023-47360 | High | 7.5 | 2023-11-07 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. |
| CVE-2013-3245 | Medium | 6.3 | 2013-07-10 | plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) a… |
| CVE-2017-8313 | Medium | 5.5 | 2017-05-23 | Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memor… |
| CVE-2017-8312 | Medium | 5.5 | 2017-05-23 | Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitl… |
| CVE-2017-8310 | Medium | 5.5 | 2017-05-23 | Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated me… |
| CVE-2016-3941 | Medium | 5.5 | 2016-04-18 | Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of serv… |
| CVE-2015-5949 | | | 2015-08-25 | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which… |
| CVE-2014-9743 | | | 2015-08-17 | Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allo… |
| CVE-2014-9598 | | | 2015-01-21 | The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of servic… |
| CVE-2014-9597 | | | 2015-01-21 | The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial… |
| CVE-2011-3623 | | | 2014-12-26 | Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, re… |
| CVE-2010-2062 | | | 2014-12-26 | Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/real… |
| CVE-2010-1445 | | | 2014-12-26 | Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execu… |