Filtered by vendor Videolan
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5032 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | |||||
| CVE-2007-3468 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 7.8 HIGH | N/A |
| input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. | |||||
| CVE-2009-1045 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 5.0 MEDIUM | N/A |
| requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action. | |||||
| CVE-2007-6262 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." | |||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2026-04-23 | 5.0 MEDIUM | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||||
| CVE-2007-3467 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 7.8 HIGH | N/A |
| Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. | |||||
| CVE-2008-0984 | 2 Miro, Videolan | 2 Miro Player, Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. | |||||
| CVE-2008-4654 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. | |||||
| CVE-2008-0295 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 8.5 HIGH | N/A |
| Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. | |||||
| CVE-2018-19937 | 1 Videolan | 1 Vlc For Mobile | 2025-05-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | |||||
| CVE-2022-41325 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2025-04-23 | N/A | 7.8 HIGH |
| An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | |||||
| CVE-2017-9300 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | |||||
| CVE-2014-6440 | 1 Videolan | 1 Vlc | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | |||||
| CVE-2017-9301 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-8312 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | |||||
| CVE-2017-8310 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | |||||
| CVE-2017-8313 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | |||||
| CVE-2017-10699 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. | |||||
| CVE-2017-17670 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. | |||||
| CVE-2017-8311 | 1 Videolan | 1 Vlc Media Player | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. | |||||