Vulnerabilities > Videolan > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2023-32570 | Race Condition vulnerability in multiple products VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | 5.9 |
| 2021-07-26 | CVE-2021-25801 | Out-of-bounds Read vulnerability in Videolan VLC Media Player 3.0.11 A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | 5.8 |
| 2021-07-26 | CVE-2021-25802 | Out-of-bounds Read vulnerability in Videolan VLC Media Player 3.0.11 A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | 5.8 |
| 2021-07-26 | CVE-2021-25803 | Integer Overflow or Wraparound vulnerability in Videolan VLC Media Player 3.0.11 A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | 5.8 |
| 2021-07-26 | CVE-2021-25804 | NULL Pointer Dereference vulnerability in Videolan VLC Media Player 3.0.11 A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. | 5.0 |
| 2020-02-06 | CVE-2013-3564 | Information Exposure vulnerability in Videolan VLC Media Player The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | 5.0 |
| 2020-01-31 | CVE-2013-3565 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | 6.1 |
| 2020-01-24 | CVE-2014-9630 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | 6.8 |
| 2020-01-24 | CVE-2014-9629 | Classic Buffer Overflow vulnerability in Videolan VLC Media Player Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | 6.8 |
| 2020-01-24 | CVE-2014-9628 | Classic Buffer Overflow vulnerability in Videolan VLC Media Player The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. | 6.8 |