Vulnerabilities > Videolan > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-32570 | Race Condition vulnerability in multiple products VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | 5.9 |
| 2020-02-06 | CVE-2013-3564 | Information Exposure vulnerability in Videolan VLC Media Player The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | 5.3 |
| 2020-01-31 | CVE-2013-3565 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | 6.1 |
| 2019-11-22 | CVE-2015-7810 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | 4.7 |
| 2019-08-29 | CVE-2019-14534 | NULL Pointer Dereference vulnerability in multiple products In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | 5.5 |
| 2019-07-30 | CVE-2019-5460 | Double Free vulnerability in multiple products Double Free in VLC versions <= 3.0.6 leads to a crash. | 5.5 |
| 2019-07-16 | CVE-2019-13615 | Out-of-bounds Read vulnerability in Videolan VLC Media Player libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement. | 5.5 |
| 2019-06-13 | CVE-2019-5439 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | 6.5 |
| 2018-12-31 | CVE-2018-19937 | Improper Authentication vulnerability in Videolan VLC for Mobile A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | 6.6 |
| 2017-05-23 | CVE-2017-8313 | Out-of-bounds Read vulnerability in Videolan VLC Media Player Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | 5.5 |