Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Videolan Subscribe
Filtered by product Vlc Media Player

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47359 1 Videolan 1 Vlc Media Player 2023-12-01 N/A 9.8 CRITICAL
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
CVE-2019-13962 1 Videolan 1 Vlc Media Player 2021-07-21 7.5 HIGH 9.8 CRITICAL
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
CVE-2018-19857 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2019-07-25 6.4 MEDIUM 9.1 CRITICAL
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
CVE-2019-12874 1 Videolan 1 Vlc Media Player 2019-06-25 7.5 HIGH 9.8 CRITICAL
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVE-2017-10699 1 Videolan 1 Vlc Media Player 2017-11-23 7.5 HIGH 9.8 CRITICAL
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
CVE-2016-5108 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2017-07-01 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.