Vulnerabilities > Videolan > VLC Media Player

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-5460 Double Free vulnerability in multiple products
Double Free in VLC versions <= 3.0.6 leads to a crash.
local
low complexity
videolan opensuse CWE-415
5.5
2019-07-30 CVE-2019-5459 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
local
low complexity
videolan opensuse CWE-191
7.1
2019-07-18 CVE-2019-13962 Out-of-bounds Read vulnerability in multiple products
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
network
low complexity
videolan opensuse debian canonical CWE-125
critical
9.8
2019-07-16 CVE-2019-13615 Out-of-bounds Read vulnerability in Videolan VLC Media Player
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
local
low complexity
videolan CWE-125
5.5
2019-07-14 CVE-2019-13602 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
local
low complexity
videolan debian canonical opensuse CWE-191
7.8
2019-06-18 CVE-2019-12874 Double Free vulnerability in Videolan VLC Media Player
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7.
network
low complexity
videolan CWE-415
critical
9.8
2019-06-13 CVE-2019-5439 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
network
low complexity
videolan CWE-119
6.5
2018-12-05 CVE-2018-19857 Access of Uninitialized Pointer vulnerability in multiple products
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative.
network
low complexity
videolan debian CWE-824
critical
9.1
2018-07-11 CVE-2018-11529 Use After Free vulnerability in multiple products
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files.
low complexity
debian videolan CWE-416
8.0
2018-05-28 CVE-2018-11516 Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
network
low complexity
videolan CWE-416
8.8