Filtered by vendor Videolan
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2484 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file. | |||||
| CVE-2008-1768 | 1 Videolan | 1 Vlc | 2026-04-23 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. | |||||
| CVE-2008-1489 | 1 Videolan | 1 Vlc | 2026-04-23 | 6.8 MEDIUM | N/A |
| Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. | |||||
| CVE-2007-6683 | 1 Videolan | 1 Vlc | 2026-04-23 | 5.0 MEDIUM | N/A |
| The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | |||||
| CVE-2008-5036 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. | |||||
| CVE-2008-1769 | 1 Videolan | 1 Vlc | 2026-04-23 | 6.8 MEDIUM | N/A |
| VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. | |||||
| CVE-2008-3794 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 6.8 MEDIUM | N/A |
| Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. | |||||
| CVE-2008-2430 | 2 Microsoft, Videolan | 2 Windows Nt, Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. | |||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2026-04-23 | 7.5 HIGH | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||||
| CVE-2008-2147 | 1 Videolan | 1 Vlc | 2026-04-23 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. | |||||
| CVE-2008-0296 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2026-04-23 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | |||||
| CVE-2007-0017 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | |||||
| CVE-2008-1881 | 1 Videolan | 1 Vlc | 2026-04-23 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. | |||||
| CVE-2007-6681 | 1 Videolan | 1 Vlc | 2026-04-23 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | |||||
| CVE-2007-0256 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 7.8 HIGH | N/A |
| VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | |||||
| CVE-2008-5276 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. | |||||
| CVE-2008-4558 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 6.8 MEDIUM | N/A |
| Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison. | |||||
| CVE-2008-3732 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4686 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. | |||||
| CVE-2007-3316 | 1 Videolan | 1 Vlc Media Player | 2026-04-23 | 9.3 HIGH | N/A |
| Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | |||||