Vulnerabilities (CVE)

Filtered by vendor Videolan Subscribe
Total 126 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-1684 1 Videolan 1 Vlc Media Player 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
CVE-2011-1087 1 Videolan 1 Vlc Media Player 2024-11-21 7.6 HIGH N/A
Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.
CVE-2011-0531 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
CVE-2011-0522 1 Videolan 1 Vlc Media Player 2024-11-21 6.8 MEDIUM N/A
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.
CVE-2011-0021 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
CVE-2010-3907 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
CVE-2010-3276 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
CVE-2010-3275 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
CVE-2010-3124 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
CVE-2010-2937 1 Videolan 1 Vlc Media Player 2024-11-21 5.0 MEDIUM N/A
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.
CVE-2010-2062 1 Videolan 1 Vlc Media Player 2024-11-21 7.5 HIGH N/A
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
CVE-2010-1445 1 Videolan 1 Vlc Media Player 2024-11-21 7.5 HIGH N/A
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
CVE-2010-1444 1 Videolan 1 Vlc Media Player 2024-11-21 7.5 HIGH N/A
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
CVE-2010-1443 1 Videolan 1 Vlc Media Player 2024-11-21 5.0 MEDIUM N/A
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.
CVE-2010-1442 1 Videolan 1 Vlc Media Player 2024-11-21 7.5 HIGH N/A
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
CVE-2010-1441 1 Videolan 1 Vlc Media Player 2024-11-21 7.5 HIGH N/A
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
CVE-2010-0364 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.
CVE-2009-2484 2 Microsoft, Videolan 2 Windows, Vlc Media Player 2024-11-21 9.3 HIGH N/A
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
CVE-2009-1045 1 Videolan 1 Vlc Media Player 2024-11-21 5.0 MEDIUM N/A
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
CVE-2008-5276 1 Videolan 1 Vlc Media Player 2024-11-21 9.3 HIGH N/A
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.