Latest videolan vlc media player Vulnerabilities

CVE-2023-46814
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable...
Videolan Vlc Media Player<3.0.19
Microsoft Windows
CVE-2023-47359
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
Videolan Vlc Media Player<3.0.20
CVE-2023-47360
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
Videolan Vlc Media Player<3.0.20
CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash V...
Videolan Vlc Media Player<=3.0.17.4
Debian Debian Linux=11.0
debian/vlc<=3.0.17.4-0+deb10u1
CVE-2021-25802
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Videolan Vlc Media Player=3.0.11
CVE-2021-25801
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Videolan Vlc Media Player=3.0.11
CVE-2021-25803
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Videolan Vlc Media Player=3.0.11
CVE-2020-26664
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
debian/vlc
Videolan Vlc Media Player<3.0.12
Debian Debian Linux=9.0
Debian Debian Linux=10.0
debian/vlc<=3.0.11-0+deb10u1<=3.0.11.1-3
CVE-2020-13428
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of s...
debian/vlc
Videolan Vlc Media Player<3.0.11
Videolan Vlc Media Player<3.0.11
Debian Debian Linux=9.0
Debian Debian Linux=10.0
CVE-2019-19721
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted im...
Videolan Vlc Media Player<3.0.9
CVE-2013-3565
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command pa...
Videolan Vlc Media Player<2.0.7
Oracle Java Runtime Environment (JRE)=13.1
CVE-2014-9630
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which a...
Videolan Vlc Media Player<2.1.6
CVE-2014-9627
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows rem...
Videolan Vlc Media Player<2.1.6
CVE-2014-9628
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow at...
Videolan Vlc Media Player<2.1.6
CVE-2014-9625
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote...
Videolan Vlc Media Player<2.1.6
CVE-2019-18278
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the V...
Videolan Vlc Media Player=3.0.8
Microsoft Windows
CVE-2019-14776
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14533
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14438
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg fil...
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14535
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14534
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14437
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a craf...
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
and 1 more
CVE-2019-14498
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14777
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14970
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-14778
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Videolan Vlc Media Player=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/vlc<3.0.8-0ubuntu18.04.1
ubuntu/vlc<3.0.8-0ubuntu19.04.1
ubuntu/vlc<3.0.8-1
and 1 more
CVE-2019-13962
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Videolan Vlc Media Player<=3.0.7
openSUSE Backports SLE=15.0
openSUSE Backports SLE=15.0-sp1
openSUSE Leap=15.0
openSUSE Leap=15.1
Debian Debian Linux=9.0
and 7 more
CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow an...
Videolan Vlc Media Player<=3.0.7.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
openSUSE Backports SLE=15.0
and 7 more
CVE-2019-12874
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a doub...
Videolan Vlc Media Player>=3.0.0<=3.0.7
ubuntu/vlc<3.0.7.1-0ubuntu18.04.1
ubuntu/vlc<3.0.7.1-0ubuntu19.04.1
ubuntu/vlc<3.0.7-1
debian/vlc
CVE-2019-5439
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
Videolan Vlc Media Player<3.0.7
ubuntu/vlc<3.0.7.1-0ubuntu18.04.1
ubuntu/vlc<3.0.7.1-0ubuntu19.04.1
ubuntu/vlc<3.0.7-1
debian/vlc
CVE-2018-19857
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast conve...
Videolan Vlc Media Player=3.0.4
Debian Debian Linux=9.0
ubuntu/vlc<3.0.7.1-0ubuntu18.04.1
ubuntu/vlc<3.0.4-4
debian/vlc
CVE-2018-11529
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in...
debian/vlc
Debian Debian Linux=9.0
Videolan Vlc Media Player<=2.2.8
CVE-2018-11516
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possib...
Videolan Vlc Media Player=3.0.0
Videolan Vlc Media Player=3.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203