Vulnerabilities > Videolan > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-15 | CVE-2017-17670 | Use After Free vulnerability in multiple products In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. | 8.8 |
2017-05-29 | CVE-2017-9301 | Out-of-bounds Read vulnerability in Videolan VLC Media Player plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. | 7.8 |
2017-05-29 | CVE-2017-9300 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | 7.8 |
2017-05-23 | CVE-2017-8311 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. | 7.8 |