videolan/vlc

videolan/vlc

www.videolan.org

Releases132

Frequency1 month 4 weeks

Last Release 5 months ago

Stars18.6K

VLC media player - plays everything, runs anywhere. Code here: https://code.videolan.org/videolan/vlc

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-13428 ↗	Jun 8, 2020Monday, 8 June 2020, 19:15	7.8 HIGH	6.8 MEDIUM
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
CVE-2014-9625 ↗	Jan 24, 2020Friday, 24 January 2020, 22:15	7.8 HIGH	6.8 MEDIUM
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
CVE-2014-9626 ↗	Jan 24, 2020Friday, 24 January 2020, 22:15	7.8 HIGH	6.8 MEDIUM
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
CVE-2014-9627 ↗	Jan 24, 2020Friday, 24 January 2020, 22:15	7.8 HIGH	6.8 MEDIUM
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.
CVE-2014-9628 ↗	Jan 24, 2020Friday, 24 January 2020, 22:15	7.8 HIGH	6.8 MEDIUM
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
CVE-2014-9629 ↗	Jan 24, 2020Friday, 24 January 2020, 22:15	7.8 HIGH	6.8 MEDIUM
Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
CVE-2014-9630 ↗	Jan 24, 2020Friday, 24 January 2020, 22:15	7.8 HIGH	6.8 MEDIUM
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.