Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2023-11-07 | Updated: 2023-12-01
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
Max CVSS: 9.8 | EPSS Score: 0.09% | Published: 2023-11-07 | Updated: 2023-12-01
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2023-11-22 | Updated: 2023-11-29
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2022-12-06 | Updated: 2022-12-08
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2021-07-26 | Updated: 2021-08-04
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Max CVSS: 7.1 | EPSS Score: 0.07% | Published: 2021-07-26 | Updated: 2022-05-03
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Max CVSS: 7.1 | EPSS Score: 0.07% | Published: 2021-07-26 | Updated: 2022-05-03
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Max CVSS: 7.1 | EPSS Score: 0.07% | Published: 2021-07-26 | Updated: 2022-05-03
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Max CVSS: 7.8 | EPSS Score: 0.22% | Published: 2021-01-08 | Updated: 2023-02-03
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
Max CVSS: 7.8 | EPSS Score: 0.69% | Published: 2020-06-08 | Updated: 2023-03-03
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
Max CVSS: 7.8 | EPSS Score: 0.43% | Published: 2020-05-15 | Updated: 2021-07-21
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
Max CVSS: 7.8 | EPSS Score: 0.05% | Published: 2019-10-23 | Updated: 2020-08-24
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Max CVSS: 7.8 | EPSS Score: 0.22% | Published: 2019-08-29 | Updated: 2020-08-24
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Max CVSS: 7.8 | EPSS Score: 0.19% | Published: 2019-08-29 | Updated: 2020-08-18
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Max CVSS: 7.8 | EPSS Score: 0.19% | Published: 2019-08-29 | Updated: 2020-08-18
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
Max CVSS: 7.8 | EPSS Score: 0.13% | Published: 2019-08-29 | Updated: 2020-08-18
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
Max CVSS: 7.8 | EPSS Score: 0.19% | Published: 2019-08-29 | Updated: 2020-08-18
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
Max CVSS: 5.5 | EPSS Score: 0.15% | Published: 2019-08-29 | Updated: 2020-08-18
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Max CVSS: 7.8 | EPSS Score: 0.19% | Published: 2019-08-29 | Updated: 2020-08-18
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
Max CVSS: 7.8 | EPSS Score: 0.19% | Published: 2019-08-29 | Updated: 2020-08-18
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
Max CVSS: 7.8 | EPSS Score: 0.22% | Published: 2019-08-29 | Updated: 2020-08-18
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
Max CVSS: 7.8 | EPSS Score: 0.15% | Published: 2019-08-29 | Updated: 2020-08-24
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Max CVSS: 9.8 | EPSS Score: 0.91% | Published: 2019-07-18 | Updated: 2022-04-18
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
Max CVSS: 5.5 | EPSS Score: 0.10% | Published: 2019-07-16 | Updated: 2020-08-24
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
Max CVSS: 7.8 | EPSS Score: 0.67% | Published: 2019-07-14 | Updated: 2022-04-18
113 vulnerabilities found