Vulnerabilities > Videolan > VLC Media Player > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-47359 Out-of-bounds Write vulnerability in Videolan VLC Media Player
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
network
low complexity
videolan CWE-787
critical
9.8
2019-07-18 CVE-2019-13962 Out-of-bounds Read vulnerability in multiple products
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
network
low complexity
videolan opensuse debian canonical CWE-125
critical
9.8
2019-06-18 CVE-2019-12874 Double Free vulnerability in Videolan VLC Media Player
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7.
network
low complexity
videolan CWE-415
critical
9.8
2018-12-05 CVE-2018-19857 Access of Uninitialized Pointer vulnerability in multiple products
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative.
network
low complexity
videolan debian CWE-824
critical
9.1
2017-06-30 CVE-2017-10699 Out-of-bounds Write vulnerability in Videolan VLC Media Player
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.
network
low complexity
videolan CWE-787
critical
9.8
2016-06-08 CVE-2016-5108 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
network
low complexity
debian videolan CWE-119
critical
9.8