Vulnerabilities > Videolan > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-14776 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
local
low complexity
videolan debian CWE-125
7.8
2019-08-29 CVE-2019-14533 Use After Free vulnerability in multiple products
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
local
low complexity
videolan debian CWE-416
7.8
2019-08-29 CVE-2019-14535 Divide By Zero vulnerability in multiple products
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1.
local
low complexity
videolan debian CWE-369
7.8
2019-08-29 CVE-2019-14498 Divide By Zero vulnerability in multiple products
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1.
local
low complexity
videolan debian CWE-369
7.8
2019-08-29 CVE-2019-14438 Out-of-bounds Read vulnerability in multiple products
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
local
low complexity
videolan debian CWE-125
7.8
2019-08-29 CVE-2019-14437 Improper Validation of Array Index vulnerability in multiple products
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly.
local
low complexity
videolan debian CWE-129
7.8
2019-07-30 CVE-2019-5459 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
local
low complexity
videolan opensuse CWE-191
7.1
2019-07-14 CVE-2019-13602 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
local
low complexity
videolan debian canonical opensuse CWE-191
7.8
2018-07-11 CVE-2018-11529 Use After Free vulnerability in multiple products
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files.
low complexity
debian videolan CWE-416
8.0
2018-05-28 CVE-2018-11516 Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
network
low complexity
videolan CWE-416
8.8