Vulnerabilities > Videolan > VLC Media Player

DATE CVE VULNERABILITY TITLE RISK
2017-12-15 CVE-2017-17670 Use After Free vulnerability in multiple products
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
network
low complexity
videolan debian CWE-416
8.8
2017-06-30 CVE-2017-10699 Out-of-bounds Write vulnerability in Videolan VLC Media Player
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
network
low complexity
videolan CWE-787
critical
9.8
2017-05-29 CVE-2017-9301 Out-of-bounds Read vulnerability in Videolan VLC Media Player
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
local
low complexity
videolan CWE-125
7.8
2017-05-29 CVE-2017-9300 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
local
low complexity
videolan CWE-119
7.8
2017-05-23 CVE-2017-8313 Out-of-bounds Read vulnerability in Videolan VLC Media Player
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
local
low complexity
videolan CWE-125
5.5
2017-05-23 CVE-2017-8312 Out-of-bounds Read vulnerability in multiple products
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
local
low complexity
videolan debian CWE-125
5.5
2017-05-23 CVE-2017-8311 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
local
low complexity
videolan CWE-119
7.8
2017-05-23 CVE-2017-8310 Out-of-bounds Read vulnerability in Videolan VLC Media Player
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
local
low complexity
videolan CWE-125
5.5
2016-06-08 CVE-2016-5108 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
network
low complexity
debian videolan CWE-119
critical
9.8
2016-04-18 CVE-2016-3941 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
local
low complexity
videolan canonical CWE-119
5.5