Vulnerabilities (CVE)

Filtered by vendor Videolan Subscribe
Filtered by product Vlc Media Player
Total 113 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5470 1 Videolan 1 Vlc Media Player 2025-04-11 4.3 MEDIUM N/A
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
CVE-2011-2588 1 Videolan 1 Vlc Media Player 2025-04-11 6.8 MEDIUM N/A
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
CVE-2010-2937 1 Videolan 1 Vlc Media Player 2025-04-11 5.0 MEDIUM N/A
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.
CVE-2011-0522 1 Videolan 1 Vlc Media Player 2025-04-11 6.8 MEDIUM N/A
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
CVE-2013-3245 1 Videolan 1 Vlc Media Player 2025-04-11 6.8 MEDIUM 6.3 MEDIUM
** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow.
CVE-2013-1954 1 Videolan 1 Vlc Media Player 2025-04-11 6.8 MEDIUM N/A
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
CVE-2012-0904 1 Videolan 1 Vlc Media Player 2025-04-11 4.3 MEDIUM N/A
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
CVE-2013-6283 1 Videolan 1 Vlc Media Player 2025-04-11 7.5 HIGH N/A
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
CVE-2010-3275 1 Videolan 1 Vlc Media Player 2025-04-11 9.3 HIGH N/A
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
CVE-2011-1684 1 Videolan 1 Vlc Media Player 2025-04-11 6.8 MEDIUM N/A
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
CVE-2010-3907 1 Videolan 1 Vlc Media Player 2025-04-11 9.3 HIGH N/A
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
CVE-2010-3124 1 Videolan 1 Vlc Media Player 2025-04-11 9.3 HIGH N/A
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
CVE-2011-1087 1 Videolan 1 Vlc Media Player 2025-04-11 7.6 HIGH N/A
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
CVE-2011-0021 1 Videolan 1 Vlc Media Player 2025-04-11 9.3 HIGH N/A
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
CVE-2008-4558 1 Videolan 1 Vlc Media Player 2025-04-09 6.8 MEDIUM N/A
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
CVE-2008-4654 1 Videolan 1 Vlc Media Player 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
CVE-2008-0295 1 Videolan 1 Vlc Media Player 2025-04-09 8.5 HIGH N/A
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
CVE-2007-0017 1 Videolan 1 Vlc Media Player 2025-04-09 6.8 MEDIUM N/A
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
CVE-2009-2484 2 Microsoft, Videolan 2 Windows, Vlc Media Player 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
CVE-2008-2430 2 Microsoft, Videolan 2 Windows Nt, Vlc Media Player 2025-04-09 9.3 HIGH N/A
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.