Filtered by vendor Videolan Subscriptions
Filtered by product Vlc Media Player Subscriptions
Total 114 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5108 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2024-11-21 N/A
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
CVE-2016-3941 2 Canonical, Videolan 2 Ubuntu Linux, Vlc Media Player 2024-11-21 N/A
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
CVE-2015-5949 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
CVE-2014-9743 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
CVE-2014-9630 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
CVE-2014-9629 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
CVE-2014-9628 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
CVE-2014-9627 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.
CVE-2014-9626 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
CVE-2014-9625 1 Videolan 1 Vlc Media Player 2024-11-21 7.8 High
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
CVE-2014-9598 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file.
CVE-2014-9597 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.
CVE-2014-3441 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
CVE-2014-1684 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
CVE-2013-7340 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
CVE-2013-6934 2 Live555, Videolan 2 Streaming Media, Vlc Media Player 2024-11-21 N/A
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
CVE-2013-6283 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
CVE-2013-4388 1 Videolan 1 Vlc Media Player 2024-11-21 N/A
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2013-3565 2 Opensuse, Videolan 2 Opensuse, Vlc Media Player 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.
CVE-2013-3564 1 Videolan 1 Vlc Media Player 2024-11-21 5.3 Medium
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.