Search for packages
| purl | pkg:deb/debian/vlc@2.2.7-1~deb8u1 |
| Next non-vulnerable version | 3.0.21-0+deb11u1 |
| Latest non-vulnerable version | 3.0.21-0+deb11u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-19d5-ynh8-wba4
Aliases: CVE-2020-6079 |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. |
Affected by 11 other vulnerabilities. |
|
VCID-1u6b-6gz5-gqdd
Aliases: CVE-2017-17670 |
security update |
Affected by 11 other vulnerabilities. |
|
VCID-2a68-4wtr-7ke1
Aliases: CVE-2021-25803 |
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
Affected by 5 other vulnerabilities. |
|
VCID-4ygc-xk6x-5qb5
Aliases: CVE-2023-47360 |
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. |
Affected by 0 other vulnerabilities. |
|
VCID-5f8p-fknm-wbgj
Aliases: CVE-2019-14970 |
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
Affected by 11 other vulnerabilities. |
|
VCID-5fdt-s2tc-w7ez
Aliases: CVE-2020-6080 |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. |
Affected by 11 other vulnerabilities. |
|
VCID-5wt1-jzp3-77ca
Aliases: CVE-2019-13962 |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. |
Affected by 11 other vulnerabilities. |
|
VCID-6du1-8sa1-x3b4
Aliases: CVE-2020-6077 |
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-6t31-vq8v-ebcr
Aliases: CVE-2020-6071 |
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-7x7t-ytud-juhh
Aliases: CVE-2020-6078 |
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-98da-2v4n-5ug4
Aliases: CVE-2019-19721 |
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. |
Affected by 11 other vulnerabilities. |
|
VCID-9wr8-rtd2-2kga
Aliases: CVE-2019-14438 |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. |
Affected by 11 other vulnerabilities. |
|
VCID-ancr-az4h-sqge
Aliases: CVE-2019-14498 |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. |
Affected by 11 other vulnerabilities. |
|
VCID-ct4d-3qzt-abbk
Aliases: CVE-2019-14776 |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. |
Affected by 11 other vulnerabilities. |
|
VCID-cyj2-72nh-3kgf
Aliases: CVE-2021-25801 |
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
Affected by 5 other vulnerabilities. |
|
VCID-dfaw-wjfr-nuag
Aliases: CVE-2019-14437 |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. |
Affected by 11 other vulnerabilities. |
|
VCID-djvp-sr79-q7dj
Aliases: CVE-2017-10699 |
Affected by 11 other vulnerabilities. |
|
|
VCID-erst-qkfp-zkf4
Aliases: CVE-2018-11529 |
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. |
Affected by 11 other vulnerabilities. |
|
VCID-etx9-y1en-k3dd
Aliases: CVE-2018-19857 |
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. |
Affected by 11 other vulnerabilities. |
|
VCID-fsfr-yzsf-syh4
Aliases: CVE-2019-14533 |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 11 other vulnerabilities. |
|
VCID-g4af-hnmu-v3bm
Aliases: CVE-2020-26664 |
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
Affected by 5 other vulnerabilities. |
|
VCID-g6bj-u82u-aqcd
Aliases: CVE-2017-9300 |
security update |
Affected by 11 other vulnerabilities. |
|
VCID-gb3v-b7nc-ukc2
Aliases: CVE-2021-25804 |
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application. |
Affected by 5 other vulnerabilities. |
|
VCID-gkdn-pgz1-kyg8
Aliases: CVE-2020-6072 |
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-hmyn-3jkb-vqd6
Aliases: CVE-2020-13428 |
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. |
Affected by 11 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-k8ar-n2ms-4uef
Aliases: CVE-2018-11516 |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. |
Affected by 11 other vulnerabilities. |
|
VCID-mdac-vnjt-5yfy
Aliases: CVE-2019-5439 |
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. |
Affected by 11 other vulnerabilities. |
|
VCID-naqh-vqhq-b3hw
Aliases: CVE-2024-46461 |
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. |
Affected by 0 other vulnerabilities. |
|
VCID-p71q-2a5r-eydb
Aliases: CVE-2021-25802 |
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. |
Affected by 5 other vulnerabilities. |
|
VCID-p8wg-zz87-tfa1
Aliases: CVE-2019-14777 |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 11 other vulnerabilities. |
|
VCID-qx18-ry6t-rqak
Aliases: CVE-2019-13602 |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. |
Affected by 11 other vulnerabilities. |
|
VCID-ruge-ebnx-sbcs
Aliases: CVE-2019-5460 |
Double Free in VLC versions <= 3.0.6 leads to a crash. |
Affected by 11 other vulnerabilities. |
|
VCID-skzz-xkdf-xbhw
Aliases: CVE-2022-41325 |
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. |
Affected by 0 other vulnerabilities. |
|
VCID-symn-p429-ubhx
Aliases: CVE-2020-6073 |
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. |
Affected by 11 other vulnerabilities. |
|
VCID-ugj8-kgfn-dbhw
Aliases: CVE-2023-47359 |
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. |
Affected by 0 other vulnerabilities. |
|
VCID-vt8s-famf-zfg4
Aliases: CVE-2019-14778 |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 11 other vulnerabilities. |
|
VCID-vvd4-txpk-cyf9
Aliases: CVE-2019-14534 |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. |
Affected by 11 other vulnerabilities. |
|
VCID-wek2-y3ku-pbbs
Aliases: DSA-5165-1 vlc |
security update |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-x4vk-jbkk-9ydc
Aliases: CVE-2019-14535 |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. |
Affected by 11 other vulnerabilities. |
|
VCID-xkvw-3cby-3uch
Aliases: CVE-2019-12874 |
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. |
Affected by 11 other vulnerabilities. |
|
VCID-xnfj-9jyy-efa4
Aliases: CVE-2019-5459 |
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6m4z-ftwa-c7ah | multiple issues |
CVE-2017-8312
|
| VCID-6mr8-62kp-kues | security update |
CVE-2015-5949
|
| VCID-djvp-sr79-q7dj |
CVE-2017-10699
|
|
| VCID-g6bj-u82u-aqcd | security update |
CVE-2017-9300
|
| VCID-k2rn-eths-b7hs | security update |
CVE-2017-8313
|
| VCID-rz16-a27f-9ufc | multiple issues |
CVE-2017-8310
|
| VCID-up5q-yphy-6khu | multiple issues |
CVE-2017-8311
|
| VCID-vsqd-9nk3-fygw |
CVE-2016-3941
|
|
| VCID-xvp1-93bp-5qaa | security update |
CVE-2016-5108
|
| VCID-zxec-3xb5-s3bv |
CVE-2017-9301
|