Vulnerabilities > Videolan > VLC Media Player > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-06 CVE-2013-3564 Information Exposure vulnerability in Videolan VLC Media Player
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.
network
low complexity
videolan CWE-200
5.3
2020-01-31 CVE-2013-3565 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
network
low complexity
videolan opensuse CWE-79
6.1
2019-08-29 CVE-2019-14534 NULL Pointer Dereference vulnerability in multiple products
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
local
low complexity
videolan debian CWE-476
5.5
2019-07-30 CVE-2019-5460 Double Free vulnerability in multiple products
Double Free in VLC versions <= 3.0.6 leads to a crash.
local
low complexity
videolan opensuse CWE-415
5.5
2019-07-16 CVE-2019-13615 Out-of-bounds Read vulnerability in Videolan VLC Media Player
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
local
low complexity
videolan CWE-125
5.5
2019-06-13 CVE-2019-5439 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC Media Player
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
network
low complexity
videolan CWE-119
6.5
2017-05-23 CVE-2017-8313 Out-of-bounds Read vulnerability in Videolan VLC Media Player
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
local
low complexity
videolan CWE-125
5.5
2017-05-23 CVE-2017-8312 Out-of-bounds Read vulnerability in multiple products
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
local
low complexity
videolan debian CWE-125
5.5
2017-05-23 CVE-2017-8310 Out-of-bounds Read vulnerability in Videolan VLC Media Player
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
local
low complexity
videolan CWE-125
5.5
2016-04-18 CVE-2016-3941 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
local
low complexity
videolan canonical CWE-119
5.5