Filtered by vendor Videolan
Subscribe
Total
125 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-3565 | 2 Opensuse, Videolan | 2 Opensuse, Vlc Media Player | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | |||||
CVE-2014-9625 | 1 Videolan | 1 Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability. | |||||
CVE-2019-18278 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. | |||||
CVE-2014-9628 | 1 Videolan | 1 Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | |||||
CVE-2019-13962 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | |||||
CVE-2019-5460 | 2 Opensuse, Videolan | 3 Backports, Leap, Vlc Media Player | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Double Free in VLC versions <= 3.0.6 leads to a crash. | |||||
CVE-2019-5439 | 1 Videolan | 1 Vlc Media Player | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | |||||
CVE-2019-13615 | 1 Videolan | 1 Vlc Media Player | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | |||||
CVE-2019-14438 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | |||||
CVE-2019-12874 | 1 Videolan | 1 Vlc Media Player | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | |||||
CVE-2019-14533 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-14534 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | |||||
CVE-2019-14778 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-14777 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
CVE-2019-13602 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | |||||
CVE-2019-14776 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | |||||
CVE-2019-14535 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | |||||
CVE-2019-14970 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | |||||
CVE-2019-14498 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | |||||
CVE-2019-14437 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. |