Videolan Vlc Media Player — known CVE vulnerabilities
Every CVE whose affected-product data names Videolan Vlc Media Player, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (113)
CVE-2008-0296 — CVSS 10.0 (critical): Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote…
CVE-2019-13962 — CVSS 9.8 (critical): lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it…
CVE-2019-12874 — CVSS 9.8 (critical): An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska…
CVE-2017-10699 — CVSS 9.8 (critical): avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling…
CVE-2023-47359 — CVSS 9.8 (critical): Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket()…
CVE-2016-5108 — CVSS 9.8 (critical): Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers…
CVE-2008-2430 — CVSS 9.3 (critical): Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute…
CVE-2008-3732 — CVSS 9.3 (critical): Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of…
CVE-2008-4654 — CVSS 9.3 (critical): Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through…
CVE-2008-4686 — CVSS 9.3 (critical): Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow…
CVE-2008-5032 — CVSS 9.3 (critical): Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code…
CVE-2008-5036 — CVSS 9.3 (critical): Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code…
CVE-2008-5276 — CVSS 9.3 (critical): Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows…
CVE-2009-2484 — CVSS 9.3 (critical): Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on…
CVE-2010-0364 — CVSS 9.3 (critical): Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg…
CVE-2011-0021 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause…
CVE-2011-0531 — CVSS 9.3 (critical): demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of…
CVE-2012-0023 — CVSS 9.3 (critical): Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows…
CVE-2011-2194 — CVSS 9.3 (critical): Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of…
CVE-2007-3316 — CVSS 9.3 (critical): Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of…
CVE-2008-0984 — CVSS 9.3 (critical): The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to…
CVE-2010-3124 — CVSS 9.3 (critical): Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote…
CVE-2010-3275 — CVSS 9.3 (critical): libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an…
CVE-2010-3276 — CVSS 9.3 (critical): libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an…
CVE-2010-3907 — CVSS 9.3 (critical): Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a…
CVE-2012-1775 — CVSS 9.3 (critical): Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted…
CVE-2013-1868 — CVSS 9.3 (critical): Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and…
CVE-2012-1776 — CVSS 9.3 (critical): Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service…
CVE-2018-19857 — CVSS 9.1 (critical): The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing…
CVE-2018-11516 — CVSS 8.8 (high): The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial…
CVE-2017-17670 — CVSS 8.8 (high): In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module…
CVE-2008-0295 — CVSS 8.5 (high): Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and…
CVE-2018-11529 — CVSS 8.0 (high): VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via…
CVE-2019-18278 — CVSS 7.8 (high): When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at…
CVE-2007-0256 — CVSS 7.8 (high): VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
CVE-2007-3467 — CVSS 7.8 (high): Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a…
CVE-2007-3468 — CVSS 7.8 (high): input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that…
CVE-2014-9625 — CVSS 7.8 (high): The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation…
CVE-2014-9626 — CVSS 7.8 (high): Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote…
CVE-2014-9627 — CVSS 7.8 (high): The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast…
CVE-2014-9628 — CVSS 7.8 (high): The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger…
CVE-2014-9629 — CVSS 7.8 (high): Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1…
CVE-2014-9630 — CVSS 7.8 (high): The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation…
CVE-2017-8311 — CVSS 7.8 (high): Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows…
CVE-2017-9300 — CVSS 7.8 (high): plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption…
CVE-2017-9301 — CVSS 7.8 (high): plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service…
CVE-2019-13602 — CVSS 7.8 (high): An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote…
CVE-2019-14437 — CVSS 7.8 (high): The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a…
CVE-2019-14438 — CVSS 7.8 (high): A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to…
CVE-2019-14498 — CVSS 7.8 (high): A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be…
CVE-2019-14533 — CVSS 7.8 (high): The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14535 — CVSS 7.8 (high): A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be…
CVE-2019-14776 — CVSS 7.8 (high): A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
CVE-2019-14777 — CVSS 7.8 (high): The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14778 — CVSS 7.8 (high): The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVE-2019-14970 — CVSS 7.8 (high): A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow…
CVE-2019-19721 — CVSS 7.8 (high): An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to…
CVE-2020-13428 — CVSS 7.8 (high): A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11…
CVE-2020-26664 — CVSS 7.8 (high): A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow…
CVE-2022-41325 — CVSS 7.8 (high): An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a…
CVE-2023-46814 — CVSS 7.8 (high): A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute…
CVE-2011-1087 — CVSS 7.6 (high): Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption…
CVE-2010-1442 — CVSS 7.5 (high): VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash)…
CVE-2010-1441 — CVSS 7.5 (high): Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service…
CVE-2011-3623 — CVSS 7.5 (high): Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a…
CVE-2010-1445 — CVSS 7.5 (high): Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application…
CVE-2010-1444 — CVSS 7.5 (high): The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory…
CVE-2021-25804 — CVSS 7.5 (high): A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
CVE-2013-6283 — CVSS 7.5 (high): VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary…
CVE-2010-2062 — CVSS 7.5 (high): Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before…
CVE-2013-6934 — CVSS 7.5 (high): The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows…
CVE-2023-47360 — CVSS 7.5 (high): Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
CVE-2021-25802 — CVSS 7.1 (high): A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an…
CVE-2021-25801 — CVSS 7.1 (high): A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an…
CVE-2021-25803 — CVSS 7.1 (high): A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an…
CVE-2007-6262 — CVSS 6.8 (medium): A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted…
CVE-2014-9598 — CVSS 6.8 (medium): The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or…
CVE-2014-9597 — CVSS 6.8 (medium): The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary…
CVE-2015-5949 — CVSS 6.8 (medium): VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a…
CVE-2008-4558 — CVSS 6.8 (medium): Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF…
CVE-2007-0017 — CVSS 6.8 (medium): Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin)…
CVE-2008-3794 — CVSS 6.8 (medium): Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote…
CVE-2011-1931 — CVSS 6.8 (medium): sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg before 0.6.3 and libav through 0.6.2, as used in VideoLAN VLC media…
CVE-2011-1684 — CVSS 6.8 (medium): Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before…
CVE-2011-2587 — CVSS 6.8 (medium): Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before…
CVE-2011-2588 — CVSS 6.8 (medium): Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11…
CVE-2011-0522 — CVSS 6.8 (medium): The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf…
CVE-2012-3377 — CVSS 6.8 (medium): Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before…
CVE-2013-1954 — CVSS 6.8 (medium): The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of…
CVE-2013-4388 — CVSS 6.8 (medium): Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers…
CVE-2019-5439 — CVSS 6.5 (medium): A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVE-2013-3245 — CVSS 6.3 (medium): plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial…
CVE-2013-3565 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers…
CVE-2017-8313 — CVSS 5.5 (medium): Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data…
CVE-2016-3941 — CVSS 5.5 (medium): Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to…
CVE-2017-8312 — CVSS 5.5 (medium): Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data…
CVE-2017-8310 — CVSS 5.5 (medium): Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data…
CVE-2019-14534 — CVSS 5.5 (medium): In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to…
CVE-2019-13615 — CVSS 5.5 (medium): libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in…
CVE-2013-3564 — CVSS 5.3 (medium): The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings…
CVE-2010-2937 — CVSS 5.0 (medium): The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly…
CVE-2010-1443 — CVSS 5.0 (medium): The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows…
CVE-2009-1045 — CVSS 5.0 (medium): requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input…
CVE-2014-9743 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media…
CVE-2012-2396 — CVSS 4.3 (medium): VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a…
CVE-2013-7340 — CVSS 4.3 (medium): VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist…
CVE-2012-5855 — CVSS 4.3 (medium): The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of…
CVE-2012-5470 — CVSS 4.3 (medium): libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG…
CVE-2014-3441 — CVSS 4.3 (medium): codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png…
CVE-2012-0904 — CVSS 4.3 (medium): VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
CVE-2014-1684 — CVSS 4.3 (medium): The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3…