Vulnerabilities > Videolan

DATE CVE VULNERABILITY TITLE RISK
2021-07-26 CVE-2021-25801 Classic Buffer Overflow vulnerability in Videolan VLC Media Player 3.0.11
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
network
videolan CWE-120
5.8
2021-07-26 CVE-2021-25802 Classic Buffer Overflow vulnerability in Videolan VLC Media Player 3.0.11
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
network
videolan CWE-120
5.8
2021-07-26 CVE-2021-25803 Classic Buffer Overflow vulnerability in Videolan VLC Media Player 3.0.11
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
network
videolan CWE-120
5.8
2021-07-26 CVE-2021-25804 NULL Pointer Dereference vulnerability in Videolan VLC Media Player 3.0.11
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
network
low complexity
videolan CWE-476
5.0
2021-01-08 CVE-2020-26664 Out-of-bounds Write vulnerability in multiple products
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
6.8
2020-06-08 CVE-2020-13428 Out-of-bounds Write vulnerability in Videolan VLC Media Player
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
network
videolan CWE-787
6.8
2020-05-15 CVE-2019-19721 Off-by-one Error vulnerability in Videolan VLC Media Player
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file.
network
videolan CWE-193
6.8
2020-02-06 CVE-2013-3564 Information Exposure vulnerability in Videolan VLC Media Player
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
network
low complexity
videolan CWE-200
5.0
2020-01-31 CVE-2013-3565 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
4.3
2020-01-24 CVE-2014-9630 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
network
videolan CWE-119
6.8