Search for packages
| purl | pkg:deb/ubuntu/vlc@3.0.3-1-1ubuntu1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1y4k-7ebw-aaaq
Aliases: CVE-2013-3564 |
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating. |
Affected by 12 other vulnerabilities. |
|
VCID-2k38-fqkr-aaae
Aliases: CVE-2019-14534 |
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. |
Affected by 1 other vulnerability. |
|
VCID-4ezg-edcb-aaam
Aliases: CVE-2019-5439 |
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. |
Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-8tp2-d742-aaab
Aliases: CVE-2019-14777 |
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 1 other vulnerability. |
|
VCID-ag4r-e16c-aaaq
Aliases: CVE-2019-12874 |
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. |
Affected by 13 other vulnerabilities. |
|
VCID-b91u-sqbs-aaaf
Aliases: CVE-2019-14533 |
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 1 other vulnerability. |
|
VCID-d5ps-9n98-aaak
Aliases: CVE-2019-14970 |
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
Affected by 1 other vulnerability. |
|
VCID-dewf-nac3-aaaq
Aliases: CVE-2017-17670 |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. |
Affected by 17 other vulnerabilities. |
|
VCID-dz1k-nr3t-aaag
Aliases: CVE-2019-14438 |
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. |
Affected by 1 other vulnerability. |
|
VCID-e43m-9cbb-aaag
Aliases: CVE-2019-13962 |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. |
Affected by 1 other vulnerability. |
|
VCID-g3em-5bjx-aaae
Aliases: CVE-2019-14776 |
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. |
Affected by 1 other vulnerability. |
|
VCID-gfs8-ag36-aaab
Aliases: CVE-2019-19721 |
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. |
Affected by 0 other vulnerabilities. |
|
VCID-jm87-cnqc-aaak
Aliases: CVE-2019-14498 |
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. |
Affected by 1 other vulnerability. |
|
VCID-q1ru-5x11-aaak
Aliases: CVE-2019-14778 |
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. |
Affected by 1 other vulnerability. |
|
VCID-rz81-dept-aaam
Aliases: CVE-2019-14535 |
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. |
Affected by 1 other vulnerability. |
|
VCID-tb2t-q824-aaaa
Aliases: CVE-2019-13602 |
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. |
Affected by 13 other vulnerabilities. |
|
VCID-tsaq-gajd-aaaq
Aliases: CVE-2018-19857 |
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. |
Affected by 13 other vulnerabilities. |
|
VCID-xfgh-cj1c-aaam
Aliases: CVE-2019-14437 |
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ewjn-4fvc-aaam | plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. |
CVE-2017-9301
|
| VCID-xv7m-w469-aaac | VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. |
CVE-2018-11529
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|