Search for packages
| purl | pkg:deb/ubuntu/vlc@0.8.6.release-0ubuntu2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1y4k-7ebw-aaaq
Aliases: CVE-2013-3564 |
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. |
Affected by 12 other vulnerabilities. |
|
VCID-2k38-fqkr-aaae
Aliases: CVE-2019-14534 |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. |
Affected by 1 other vulnerability. |
|
VCID-2rfq-rxmb-aaam
Aliases: CVE-2014-9743 |
Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info. |
Affected by 34 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-3uys-5rxv-aaaa
Aliases: CVE-2014-9627 |
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size. |
Affected by 31 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-4ezg-edcb-aaam
Aliases: CVE-2019-5439 |
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. |
Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-5a9h-1xfq-aaas
Aliases: CVE-2014-9628 |
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7. |
Affected by 31 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-86w9-dzzu-aaar
Aliases: CVE-2016-5108 |
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-8tp2-d742-aaab
Aliases: CVE-2019-14777 |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 1 other vulnerability. |
|
VCID-ag4r-e16c-aaaq
Aliases: CVE-2019-12874 |
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. |
Affected by 13 other vulnerabilities. |
|
VCID-ajtu-rm8v-aaam
Aliases: CVE-2017-8311 |
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-apt9-7tt5-aaar
Aliases: CVE-2014-6440 |
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. |
Affected by 31 other vulnerabilities. |
|
VCID-b91u-sqbs-aaaf
Aliases: CVE-2019-14533 |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 1 other vulnerability. |
|
VCID-bdy1-mwdc-aaar
Aliases: CVE-2014-9626 |
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7. |
Affected by 31 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-c1gf-hm4y-aaar
Aliases: CVE-2014-9629 |
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. |
Affected by 31 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-d5ps-9n98-aaak
Aliases: CVE-2019-14970 |
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
Affected by 1 other vulnerability. |
|
VCID-dewf-nac3-aaaq
Aliases: CVE-2017-17670 |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. |
Affected by 17 other vulnerabilities. |
|
VCID-dz1k-nr3t-aaag
Aliases: CVE-2019-14438 |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. |
Affected by 1 other vulnerability. |
|
VCID-e43m-9cbb-aaag
Aliases: CVE-2019-13962 |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. |
Affected by 1 other vulnerability. |
|
VCID-ewjn-4fvc-aaam
Aliases: CVE-2017-9301 |
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 18 other vulnerabilities. |
|
VCID-g3em-5bjx-aaae
Aliases: CVE-2019-14776 |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. |
Affected by 1 other vulnerability. |
|
VCID-ge3g-m8dt-aaag
Aliases: CVE-2017-8310 |
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-gfs8-ag36-aaab
Aliases: CVE-2019-19721 |
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. |
Affected by 0 other vulnerabilities. |
|
VCID-jh37-vq2f-aaas
Aliases: CVE-2018-11516 |
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. |
Affected by 20 other vulnerabilities. |
|
VCID-jm87-cnqc-aaak
Aliases: CVE-2019-14498 |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. |
Affected by 1 other vulnerability. |
|
VCID-n8pa-nh5p-aaaf
Aliases: CVE-2017-8313 |
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-nkbf-fhjh-aaah
Aliases: CVE-2013-4388 |
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |
Affected by 40 other vulnerabilities. |
|
VCID-nkp7-xrsb-aaaj
Aliases: CVE-2017-8312 |
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. |
Affected by 32 other vulnerabilities. Affected by 23 other vulnerabilities. |
|
VCID-q1ru-5x11-aaak
Aliases: CVE-2019-14778 |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 1 other vulnerability. |
|
VCID-qfr8-z773-aaak
Aliases: CVE-2013-3565 |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. |
Affected by 39 other vulnerabilities. |
|
VCID-rz81-dept-aaam
Aliases: CVE-2019-14535 |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. |
Affected by 1 other vulnerability. |
|
VCID-t1e7-x86m-aaaq
Aliases: CVE-2014-1684 |
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file. |
Affected by 38 other vulnerabilities. Affected by 38 other vulnerabilities. |
|
VCID-t5pk-313d-aaab
Aliases: CVE-2014-9630 |
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value. |
Affected by 31 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-tb2t-q824-aaaa
Aliases: CVE-2019-13602 |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. |
Affected by 13 other vulnerabilities. |
|
VCID-tsaq-gajd-aaaq
Aliases: CVE-2018-19857 |
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. |
Affected by 13 other vulnerabilities. |
|
VCID-wtpk-k8kr-aaaj
Aliases: CVE-2017-9300 |
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. |
Affected by 36 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-xfgh-cj1c-aaam
Aliases: CVE-2019-14437 |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. |
Affected by 1 other vulnerability. |
|
VCID-xv7m-w469-aaac
Aliases: CVE-2018-11529 |
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. |
Affected by 18 other vulnerabilities. |
|
VCID-xvwn-dpkx-aaab
Aliases: CVE-2015-5949 |
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. |
Affected by 31 other vulnerabilities. Affected by 28 other vulnerabilities. |
|
VCID-yjxt-vfh5-aaac
Aliases: CVE-2014-9597 |
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. |
Affected by 34 other vulnerabilities. Affected by 31 other vulnerabilities. |
|
VCID-yvuj-dyf9-aaar
Aliases: CVE-2016-3941 |
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF." |
Affected by 34 other vulnerabilities. Affected by 28 other vulnerabilities. |
|
VCID-zqvn-rf3z-aaae
Aliases: CVE-2017-10699 |
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. |
Affected by 21 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|