Vulnerabilities > Videolan

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-14438 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
local
low complexity
videolan debian CWE-125
7.8
7.8
2019-08-29 CVE-2019-14437 Improper Validation of Array Index vulnerability in multiple products
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly.
local
low complexity
videolan debian CWE-129
7.8
7.8
2019-07-30 CVE-2019-5460 Double Free vulnerability in multiple products
Double Free in VLC versions <= 3.0.6 leads to a crash.
local
low complexity
videolan opensuse CWE-415
5.5
5.5
2019-07-30 CVE-2019-5459 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
local
low complexity
videolan opensuse CWE-191
7.1
7.1
2019-07-18 CVE-2019-13962 Out-of-bounds Read vulnerability in multiple products
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
network
low complexity
videolan opensuse debian canonical CWE-125
critical
 9.8
9.8
2019-07-16 CVE-2019-13615 Out-of-bounds Read vulnerability in Videolan VLC Media Player
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
local
low complexity
videolan CWE-125
5.5
5.5
2019-07-14 CVE-2019-13602 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
local
low complexity
videolan debian canonical opensuse CWE-191
7.8
7.8
2019-06-18 CVE-2019-12874 Double Free vulnerability in Videolan VLC Media Player
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7.
network
low complexity
videolan CWE-415
critical
 9.8
9.8
2019-06-13 CVE-2019-5439 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
network
low complexity
videolan CWE-119
6.5
6.5
2018-12-31 CVE-2018-19937 Improper Authentication vulnerability in Videolan VLC for Mobile
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
low complexity
videolan CWE-287
6.6
6.6