CVE-2018-11529

Public exploit
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Max CVSS
8.0
EPSS Score
77.73%
Published
2018-07-11
Updated
2019-03-21

CVE-2012-1775

Public exploit
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
Max CVSS
9.3
EPSS Score
95.93%
Published
2012-03-19
Updated
2017-12-14

CVE-2011-0531

Public exploit
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
Max CVSS
9.3
EPSS Score
97.13%
Published
2011-02-07
Updated
2017-09-19

CVE-2010-3275

Public exploit
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
Max CVSS
9.3
EPSS Score
93.76%
Published
2011-03-28
Updated
2018-10-10

CVE-2009-2484

Public exploit
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
Max CVSS
9.3
EPSS Score
95.88%
Published
2009-07-16
Updated
2017-09-19

CVE-2008-5036

Public exploit
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.
Max CVSS
9.3
EPSS Score
97.20%
Published
2008-11-10
Updated
2018-10-11

CVE-2008-4654

Public exploit
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
Max CVSS
9.3
EPSS Score
75.35%
Published
2008-10-22
Updated
2018-10-11
VideoLAN VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-11-07
Updated
2023-12-01
VideoLAN VLC prior to version 3.0.20 contains an incorrect offset read that leads to a heap-based buffer overflow in function GetPacket() and results in memory corruption.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-11-07
Updated
2023-12-01
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-22
Updated
2023-11-29
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-12-06
Updated
2022-12-08
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application.
Max CVSS
7.5
EPSS Score
0.09%
Published
2021-07-26
Updated
2021-08-04
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Max CVSS
7.1
EPSS Score
0.07%
Published
2021-07-26
Updated
2022-05-03
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Max CVSS
7.1
EPSS Score
0.07%
Published
2021-07-26
Updated
2022-05-03
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Max CVSS
7.1
EPSS Score
0.07%
Published
2021-07-26
Updated
2022-05-03
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Max CVSS
7.8
EPSS Score
0.22%
Published
2021-01-08
Updated
2023-02-03
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
Max CVSS
7.8
EPSS Score
0.69%
Published
2020-06-08
Updated
2023-03-03
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
Max CVSS
7.8
EPSS Score
0.43%
Published
2020-05-15
Updated
2021-07-21
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-10-23
Updated
2020-08-24
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Max CVSS
7.8
EPSS Score
0.22%
Published
2019-08-29
Updated
2020-08-24
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Max CVSS
7.8
EPSS Score
0.19%
Published
2019-08-29
Updated
2020-08-18
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
Max CVSS
7.8
EPSS Score
0.19%
Published
2019-08-29
Updated
2020-08-18
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
Max CVSS
7.8
EPSS Score
0.13%
Published
2019-08-29
Updated
2020-08-18
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
Max CVSS
7.8
EPSS Score
0.19%
Published
2019-08-29
Updated
2020-08-18
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
Max CVSS
5.5
EPSS Score
0.15%
Published
2019-08-29
Updated
2020-08-18
113 vulnerabilities found