Vulnerabilities > Videolan > VLC Media Player > 0.1.99d
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-22 | CVE-2023-46814 | Uncontrolled Search Path Element vulnerability in Videolan VLC Media Player A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. | 7.8 |
| 2023-11-07 | CVE-2023-47359 | Out-of-bounds Write vulnerability in Videolan VLC Media Player Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | 9.8 |
| 2023-11-07 | CVE-2023-47360 | Integer Underflow (Wrap or Wraparound) vulnerability in Videolan VLC Media Player Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | 7.5 |
| 2022-12-06 | CVE-2022-41325 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | 7.8 |
| 2021-01-08 | CVE-2020-26664 | Out-of-bounds Write vulnerability in multiple products A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | 7.8 |
| 2020-05-15 | CVE-2019-19721 | Off-by-one Error vulnerability in Videolan VLC Media Player An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. | 7.8 |
| 2020-02-06 | CVE-2013-3564 | Information Exposure vulnerability in Videolan VLC Media Player The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. | 5.3 |
| 2020-01-31 | CVE-2013-3565 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | 6.1 |
| 2020-01-24 | CVE-2014-9630 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. | 7.8 |
| 2020-01-24 | CVE-2014-9629 | Classic Buffer Overflow vulnerability in Videolan VLC Media Player Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | 7.8 |