cpe:2.3:a:videolan:vlc_media_player:0.2.60:*:*:*:*:*:*:*
Videolan VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2023-11-07 | Updated: 2023-12-01
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a heap-based buffer overflow in the function GetPacket() and results in memory corruption.
Max CVSS: 9.8 | EPSS Score: 0.09% | Published: 2023-11-07 | Updated: 2023-12-01
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2023-11-22 | Updated: 2023-11-29
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2022-12-06 | Updated: 2022-12-08
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Max CVSS: 7.8 | EPSS Score: 0.22% | Published: 2021-01-08 | Updated: 2023-02-03
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
Max CVSS: 7.8 | EPSS Score: 0.43% | Published: 2020-05-15 | Updated: 2021-07-21
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Max CVSS: 9.8 | EPSS Score: 0.91% | Published: 2019-07-18 | Updated: 2022-04-18
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
Max CVSS: 5.5 | EPSS Score: 0.10% | Published: 2019-07-16 | Updated: 2020-08-24
An integer underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
Max CVSS: 7.8 | EPSS Score: 0.67% | Published: 2019-07-14 | Updated: 2022-04-18
A double free in VLC versions <= 3.0.6 leads to a crash.
Max CVSS: 5.5 | EPSS Score: 0.08% | Published: 2019-07-30 | Updated: 2023-03-03
An integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-bounds read.
Max CVSS: 7.1 | EPSS Score: 0.08% | Published: 2019-07-30 | Updated: 2021-11-03
A buffer overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
Max CVSS: 6.5 | EPSS Score: 3.45% | Published: 2019-06-13 | Updated: 2019-06-17
CVE-2018-11529 (Public exploit)
VideoLAN VLC media player 2.2.x is prone to a use-after-free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Max CVSS: 8.0 | EPSS Score: 77.73% | Published: 2018-07-11 | Updated: 2019-03-21
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
Max CVSS: 8.8 | EPSS Score: 0.31% | Published: 2017-12-15 | Updated: 2019-04-26
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS: 7.8 | EPSS Score: 0.47% | Published: 2017-05-29 | Updated: 2017-06-06
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Max CVSS: 7.8 | EPSS Score: 0.82% | Published: 2017-05-29 | Updated: 2017-11-23
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
Max CVSS: 5.5 | EPSS Score: 0.14% | Published: 2017-05-23 | Updated: 2017-11-04
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read uninitialized heap data via a crafted subtitles file.
Max CVSS: 5.5 | EPSS Score: 0.10% | Published: 2017-05-23 | Updated: 2018-10-17
Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping the NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
Max CVSS: 7.8 | EPSS Score: 10.18% | Published: 2017-05-23 | Updated: 2018-04-27
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
Max CVSS: 9.8 | EPSS Score: 28.17% | Published: 2016-06-08 | Updated: 2017-07-01
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
Max CVSS: 5.5 | EPSS Score: 0.67% | Published: 2016-04-18 | Updated: 2016-11-30
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
Max CVSS: 6.8 | EPSS Score: 18.40% | Published: 2015-08-25 | Updated: 2018-10-09
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Max CVSS: 4.3 | EPSS Score: 0.50% | Published: 2015-08-17 | Updated: 2015-08-19
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
Max CVSS: 7.8 | EPSS Score: 0.28% | Published: 2020-01-24 | Updated: 2020-01-29
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
Max CVSS: 7.8 | EPSS Score: 1.06% | Published: 2020-01-24 | Updated: 2020-01-29
62 vulnerabilities found