Vulnerabilities > Videolan
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-05 | CVE-2018-19857 | Access of Uninitialized Pointer vulnerability in multiple products The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. | 9.1 |
| 2018-07-11 | CVE-2018-11529 | Use After Free vulnerability in multiple products VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. | 6.8 |
| 2018-05-28 | CVE-2018-11516 | Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1 The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 8.8 |
| 2017-12-15 | CVE-2017-17670 | Use After Free vulnerability in multiple products In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. | 6.8 |
| 2017-06-30 | CVE-2017-10699 | Out-of-bounds Write vulnerability in Videolan VLC Media Player avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. | 7.5 |
| 2017-05-29 | CVE-2017-9301 | Out-of-bounds Read vulnerability in Videolan VLC Media Player plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. | 6.8 |
| 2017-05-29 | CVE-2017-9300 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | 6.8 |
| 2017-05-23 | CVE-2017-8313 | Out-of-bounds Read vulnerability in Videolan VLC Media Player Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | 5.5 |
| 2017-05-23 | CVE-2017-8312 | Out-of-bounds Read vulnerability in multiple products Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | 5.5 |
| 2017-05-23 | CVE-2017-8311 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. | 7.8 |