Vulnerabilities > Videolan > VLC Media Player

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-46814 Uncontrolled Search Path Element vulnerability in Videolan VLC Media Player
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows.
local
low complexity
videolan CWE-427
7.8
2023-11-07 CVE-2023-47359 Out-of-bounds Write vulnerability in Videolan VLC Media Player
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
network
low complexity
videolan CWE-787
critical
9.8
2023-11-07 CVE-2023-47360 Integer Underflow (Wrap or Wraparound) vulnerability in Videolan VLC Media Player
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
network
low complexity
videolan CWE-191
7.5
2022-12-06 CVE-2022-41325 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
local
low complexity
videolan debian CWE-190
7.8
2021-07-26 CVE-2021-25801 Out-of-bounds Read vulnerability in Videolan VLC Media Player 3.0.11
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
local
low complexity
videolan CWE-125
7.1
2021-07-26 CVE-2021-25802 Out-of-bounds Read vulnerability in Videolan VLC Media Player 3.0.11
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
local
low complexity
videolan CWE-125
7.1
2021-07-26 CVE-2021-25803 Integer Overflow or Wraparound vulnerability in Videolan VLC Media Player 3.0.11
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
local
low complexity
videolan CWE-190
7.1
2021-07-26 CVE-2021-25804 NULL Pointer Dereference vulnerability in Videolan VLC Media Player 3.0.11
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
network
low complexity
videolan CWE-476
7.5
2021-01-08 CVE-2020-26664 Out-of-bounds Write vulnerability in multiple products
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
local
low complexity
videolan debian CWE-787
7.8
2020-06-08 CVE-2020-13428 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
local
low complexity
videolan debian CWE-787
7.8