Search for packages
| purl | pkg:deb/debian/vlc@2.1.5-1~bpo70%2B1 |
| Next non-vulnerable version | 3.0.21-0+deb11u1 |
| Latest non-vulnerable version | 3.0.21-0+deb11u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-19d5-ynh8-wba4
Aliases: CVE-2020-6079 |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. |
Affected by 11 other vulnerabilities. |
|
VCID-1u6b-6gz5-gqdd
Aliases: CVE-2017-17670 |
security update |
Affected by 11 other vulnerabilities. |
|
VCID-2a68-4wtr-7ke1
Aliases: CVE-2021-25803 |
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
Affected by 5 other vulnerabilities. |
|
VCID-4ygc-xk6x-5qb5
Aliases: CVE-2023-47360 |
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. |
Affected by 0 other vulnerabilities. |
|
VCID-5f8p-fknm-wbgj
Aliases: CVE-2019-14970 |
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
Affected by 11 other vulnerabilities. |
|
VCID-5fdt-s2tc-w7ez
Aliases: CVE-2020-6080 |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. |
Affected by 11 other vulnerabilities. |
|
VCID-5wt1-jzp3-77ca
Aliases: CVE-2019-13962 |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. |
Affected by 11 other vulnerabilities. |
|
VCID-6du1-8sa1-x3b4
Aliases: CVE-2020-6077 |
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-6m4z-ftwa-c7ah
Aliases: CVE-2017-8312 |
multiple issues |
Affected by 41 other vulnerabilities. |
|
VCID-6mr8-62kp-kues
Aliases: CVE-2015-5949 |
security update |
Affected by 41 other vulnerabilities. |
|
VCID-6t31-vq8v-ebcr
Aliases: CVE-2020-6071 |
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-7x7t-ytud-juhh
Aliases: CVE-2020-6078 |
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-98da-2v4n-5ug4
Aliases: CVE-2019-19721 |
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. |
Affected by 11 other vulnerabilities. |
|
VCID-9wr8-rtd2-2kga
Aliases: CVE-2019-14438 |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. |
Affected by 11 other vulnerabilities. |
|
VCID-ancr-az4h-sqge
Aliases: CVE-2019-14498 |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. |
Affected by 11 other vulnerabilities. |
|
VCID-c1my-kt36-tuee
Aliases: CVE-2014-9626 |
security update |
Affected by 49 other vulnerabilities. |
|
VCID-ct4d-3qzt-abbk
Aliases: CVE-2019-14776 |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. |
Affected by 11 other vulnerabilities. |
|
VCID-cyj2-72nh-3kgf
Aliases: CVE-2021-25801 |
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
Affected by 5 other vulnerabilities. |
|
VCID-dfaw-wjfr-nuag
Aliases: CVE-2019-14437 |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. |
Affected by 11 other vulnerabilities. |
|
VCID-djvp-sr79-q7dj
Aliases: CVE-2017-10699 |
Affected by 41 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
|
VCID-erst-qkfp-zkf4
Aliases: CVE-2018-11529 |
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. |
Affected by 11 other vulnerabilities. |
|
VCID-etx9-y1en-k3dd
Aliases: CVE-2018-19857 |
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. |
Affected by 11 other vulnerabilities. |
|
VCID-f4kc-16pn-eyaa
Aliases: CVE-2013-7340 |
Affected by 49 other vulnerabilities. |
|
|
VCID-fsfr-yzsf-syh4
Aliases: CVE-2019-14533 |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 11 other vulnerabilities. |
|
VCID-g4af-hnmu-v3bm
Aliases: CVE-2020-26664 |
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
Affected by 5 other vulnerabilities. |
|
VCID-g6bj-u82u-aqcd
Aliases: CVE-2017-9300 |
security update |
Affected by 41 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-gb3v-b7nc-ukc2
Aliases: CVE-2021-25804 |
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. |
Affected by 5 other vulnerabilities. |
|
VCID-gkdn-pgz1-kyg8
Aliases: CVE-2020-6072 |
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-hmyn-3jkb-vqd6
Aliases: CVE-2020-13428 |
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. |
Affected by 11 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-ht1s-k9s5-b7gx
Aliases: CVE-2014-9629 |
security update |
Affected by 49 other vulnerabilities. |
|
VCID-j932-cs62-dba8
Aliases: CVE-2014-9743 |
Affected by 49 other vulnerabilities. |
|
|
VCID-jfea-zbst-6ybc
Aliases: CVE-2014-9628 |
security update |
Affected by 49 other vulnerabilities. |
|
VCID-js4t-zmsj-pbaj
Aliases: CVE-2014-9627 |
security update |
Affected by 49 other vulnerabilities. |
|
VCID-k2rn-eths-b7hs
Aliases: CVE-2017-8313 |
security update |
Affected by 41 other vulnerabilities. |
|
VCID-k8ar-n2ms-4uef
Aliases: CVE-2018-11516 |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. |
Affected by 11 other vulnerabilities. |
|
VCID-mdac-vnjt-5yfy
Aliases: CVE-2019-5439 |
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. |
Affected by 11 other vulnerabilities. |
|
VCID-naqh-vqhq-b3hw
Aliases: CVE-2024-46461 |
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. |
Affected by 0 other vulnerabilities. |
|
VCID-p71q-2a5r-eydb
Aliases: CVE-2021-25802 |
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
Affected by 5 other vulnerabilities. |
|
VCID-p8wg-zz87-tfa1
Aliases: CVE-2019-14777 |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 11 other vulnerabilities. |
|
VCID-qx18-ry6t-rqak
Aliases: CVE-2019-13602 |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. |
Affected by 11 other vulnerabilities. |
|
VCID-ruge-ebnx-sbcs
Aliases: CVE-2019-5460 |
Double Free in VLC versions <= 3.0.6 leads to a crash. |
Affected by 11 other vulnerabilities. |
|
VCID-rz16-a27f-9ufc
Aliases: CVE-2017-8310 |
multiple issues |
Affected by 41 other vulnerabilities. |
|
VCID-s3ys-jajk-1yab
Aliases: CVE-2014-6440 |
Affected by 49 other vulnerabilities. |
|
|
VCID-skzz-xkdf-xbhw
Aliases: CVE-2022-41325 |
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. |
Affected by 0 other vulnerabilities. |
|
VCID-symn-p429-ubhx
Aliases: CVE-2020-6073 |
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-ugj8-kgfn-dbhw
Aliases: CVE-2023-47359 |
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. |
Affected by 0 other vulnerabilities. |
|
VCID-up5q-yphy-6khu
Aliases: CVE-2017-8311 |
multiple issues |
Affected by 41 other vulnerabilities. |
|
VCID-vsqd-9nk3-fygw
Aliases: CVE-2016-3941 |
Affected by 41 other vulnerabilities. |
|
|
VCID-vt8s-famf-zfg4
Aliases: CVE-2019-14778 |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 11 other vulnerabilities. |
|
VCID-vvd4-txpk-cyf9
Aliases: CVE-2019-14534 |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. |
Affected by 11 other vulnerabilities. |
|
VCID-wek2-y3ku-pbbs
Aliases: DSA-5165-1 vlc |
security update |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-x4vk-jbkk-9ydc
Aliases: CVE-2019-14535 |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. |
Affected by 11 other vulnerabilities. |
|
VCID-xkvw-3cby-3uch
Aliases: CVE-2019-12874 |
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. |
Affected by 11 other vulnerabilities. |
|
VCID-xnfj-9jyy-efa4
Aliases: CVE-2019-5459 |
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. |
Affected by 11 other vulnerabilities. |
|
VCID-xspd-1ukf-y3a1
Aliases: CVE-2014-9630 |
security update |
Affected by 49 other vulnerabilities. |
|
VCID-xvp1-93bp-5qaa
Aliases: CVE-2016-5108 |
security update |
Affected by 41 other vulnerabilities. |
|
VCID-zxec-3xb5-s3bv
Aliases: CVE-2017-9301 |
Affected by 41 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4x6y-yrxh-23fg | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. |
CVE-2013-3564
|
| VCID-9pu4-wn17-bufy | security update |
CVE-2013-1868
|
| VCID-adgq-ph6n-8ug9 |
CVE-2012-5470
|
|
| VCID-bvct-eebq-4uat | security update |
CVE-2013-1954
|
| VCID-chmv-3aqh-xybt | security update |
CVE-2013-4388
|
| VCID-dwmn-n8w4-mfh9 |
CVE-2014-1684
|
|
| VCID-fj93-wnwg-1kde | plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow |
CVE-2013-3245
|
| VCID-sgu5-3ueu-uyd6 | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. |
CVE-2013-3565
|
| VCID-uzbe-xhs5-j7ex | security update |
CVE-2013-6933
|
| VCID-yfn8-2y2w-13ez |
CVE-2013-6283
|