Vulnerabilities > Videolan > VLC Media Player > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-29 | CVE-2019-14776 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | 7.8 |
2019-08-29 | CVE-2019-14533 | Use After Free vulnerability in multiple products The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | 7.8 |
2019-08-29 | CVE-2019-14535 | Divide By Zero vulnerability in multiple products A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. | 7.8 |
2019-08-29 | CVE-2019-14498 | Divide By Zero vulnerability in multiple products A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. | 7.8 |
2019-08-29 | CVE-2019-14438 | Out-of-bounds Read vulnerability in multiple products A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | 7.8 |
2019-08-29 | CVE-2019-14437 | Improper Validation of Array Index vulnerability in multiple products The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. | 7.8 |
2019-07-30 | CVE-2019-5459 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | 7.1 |
2019-07-14 | CVE-2019-13602 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | 7.8 |
2018-07-11 | CVE-2018-11529 | Use After Free vulnerability in multiple products VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. | 8.0 |
2018-05-28 | CVE-2018-11516 | Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1 The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 8.8 |