Vulnerabilities > Videolan > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-47359 | Out-of-bounds Write vulnerability in Videolan VLC Media Player Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | 9.8 |
| 2019-07-18 | CVE-2019-13962 | Out-of-bounds Read vulnerability in multiple products lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | 9.8 |
| 2019-06-18 | CVE-2019-12874 | Double Free vulnerability in Videolan VLC Media Player An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. | 9.8 |
| 2018-12-05 | CVE-2018-19857 | Access of Uninitialized Pointer vulnerability in multiple products The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. | 9.1 |
| 2013-07-10 | CVE-2013-1868 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. | 9.3 |
| 2012-03-19 | CVE-2012-1776 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream. | 9.3 |
| 2011-06-24 | CVE-2011-2194 | Numeric Errors vulnerability in Videolan VLC Media Player Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. | 9.3 |
| 2011-03-28 | CVE-2010-3276 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file. | 9.3 |
| 2011-03-28 | CVE-2010-3275 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability." | 9.3 |
| 2010-01-21 | CVE-2010-0364 | Buffer Errors vulnerability in Videolan VLC Media Player 0.8.6 Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field. | 9.3 |