purl | pkg:deb/debian/vlc@3.0.11-0%2Bdeb9u1 |
Next non-vulnerable version | 3.0.21-0+deb11u1 |
Latest non-vulnerable version | 3.0.21-0+deb11u1 |
Risk | 4.4 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-2a68-4wtr-7ke1 Aliases: CVE-2021-25803 | A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Affected by 5 other vulnerabilities. |
VCID-4ygc-xk6x-5qb5 Aliases: CVE-2023-47360 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | Affected by 0 other vulnerabilities. |
VCID-cyj2-72nh-3kgf Aliases: CVE-2021-25801 | A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Affected by 5 other vulnerabilities. |
VCID-g4af-hnmu-v3bm Aliases: CVE-2020-26664 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | Affected by 5 other vulnerabilities. |
VCID-gb3v-b7nc-ukc2 Aliases: CVE-2021-25804 | A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DOS) in the application. | Affected by 5 other vulnerabilities. |
VCID-hmyn-3jkb-vqd6 Aliases: CVE-2020-13428 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | Affected by 5 other vulnerabilities. |
VCID-naqh-vqhq-b3hw Aliases: CVE-2024-46461 | VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. | Affected by 0 other vulnerabilities. |
VCID-p71q-2a5r-eydb Aliases: CVE-2021-25802 | A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | Affected by 5 other vulnerabilities. |
VCID-skzz-xkdf-xbhw Aliases: CVE-2022-41325 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | Affected by 0 other vulnerabilities. |
VCID-ugj8-kgfn-dbhw Aliases: CVE-2023-47359 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | Affected by 0 other vulnerabilities. |
VCID-wek2-y3ku-pbbs Aliases: DSA-5165-1 vlc | security update | Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-19d5-ynh8-wba4 | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. | CVE-2020-6079 |
VCID-1u6b-6gz5-gqdd | security update | CVE-2017-17670 |
VCID-5f8p-fknm-wbgj | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | CVE-2019-14970 |
VCID-5fdt-s2tc-w7ez | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. | CVE-2020-6080 |
VCID-5wt1-jzp3-77ca | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | CVE-2019-13962 |
VCID-6du1-8sa1-x3b4 | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | CVE-2020-6077 |
VCID-6t31-vq8v-ebcr | An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | CVE-2020-6071 |
VCID-7x7t-ytud-juhh | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. | CVE-2020-6078 |
VCID-98da-2v4n-5ug4 | An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | CVE-2019-19721 |
VCID-9wr8-rtd2-2kga | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | CVE-2019-14438 |
VCID-ancr-az4h-sqge | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | CVE-2019-14498 |
VCID-ct4d-3qzt-abbk | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | CVE-2019-14776 |
VCID-dfaw-wjfr-nuag | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | CVE-2019-14437 |
VCID-djvp-sr79-q7dj | | CVE-2017-10699 |
VCID-erst-qkfp-zkf4 | VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | CVE-2018-11529 |
VCID-etx9-y1en-k3dd | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | CVE-2018-19857 |
VCID-fsfr-yzsf-syh4 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | CVE-2019-14533 |
VCID-g6bj-u82u-aqcd | security update | CVE-2017-9300 |
VCID-gkdn-pgz1-kyg8 | An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. | CVE-2020-6072 |
VCID-hmyn-3jkb-vqd6 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | CVE-2020-13428 |
VCID-k8ar-n2ms-4uef | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | CVE-2018-11516 |
VCID-mdac-vnjt-5yfy | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | CVE-2019-5439 |
VCID-p8wg-zz87-tfa1 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | CVE-2019-14777 |
VCID-qx18-ry6t-rqak | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | CVE-2019-13602 |
VCID-ruge-ebnx-sbcs | Double Free in VLC versions <= 3.0.6 leads to a crash. | CVE-2019-5460 |
VCID-symn-p429-ubhx | An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | CVE-2020-6073 |
VCID-vt8s-famf-zfg4 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | CVE-2019-14778 |
VCID-vvd4-txpk-cyf9 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | CVE-2019-14534 |
VCID-x4vk-jbkk-9ydc | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | CVE-2019-14535 |
VCID-xkvw-3cby-3uch | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | CVE-2019-12874 |
VCID-xnfj-9jyy-efa4 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | CVE-2019-5459 |