pkg:Debian/vlc
163 total CVEsCRITICAL14HIGH50MEDIUM14
✅ Check your installed version
All known vulnerabilities
- from 0, < 3.0.20-0+deb11u1
- from 0, < 3.0.20-0+deb10u1
- from 0, < 3.0.20-0+deb11u1
- CRITICAL9.8CVE-2020-6072An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- CRITICAL9.8CVE-2019-13962lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it d…from 0, < 3.0.8-1
- from 0, < 3.0.7-1
- from 0, < 3.0.7-0+deb9u1
- from 0, < 2.2.6-3
- from 0, < 2.2.7-1~deb8u1
- CRITICAL9.8CVE-2014-6440VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.from 0, < 2.1.5-1
- from 0, < 2.2.4-1~deb8u1
- from 0, < 2.2.3-2
- from 0, < 3.0.6-0+deb9u1
- from 0, < 3.0.4-4
- HIGH8.8CVE-2018-11516The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial…from 0, < 3.0.2-1
- from 0, < 3.0.2-0+deb9u1
- from 0, < 3.0.0~rc2-1
- from 0, < 3.0.21-0+deb11u1
- from 0, < 3.0.21-0+deb11u1
- from 0, < 3.0.3-1-1
- from 0, < 3.0.3-1-0+deb9u1
- from 0, < 3.0.18-0+deb11u1
- from 0, < 3.0.18-0+deb11u1
- from 0, < 3.0.17.4-0+deb10u2
- from 0, < 3.0.12-0+deb9u1
- from 0, < 3.0.12-0+deb10u1
- from 0, < 3.0.12-1
- from 0, < 3.0.11-0+deb9u1
- from 0, < 3.0.11-1
- from 0, < 3.0.9.2-1
- from 0, < 3.0.10-0+deb9u1
- HIGH7.8CVE-2014-9630The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation app…from 0, < 2.2.0~rc2-2
- HIGH7.8CVE-2014-9629Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 al…from 0, < 2.2.0~rc2-2
- HIGH7.8CVE-2014-9628The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger…from 0, < 2.2.0~rc2-2
- HIGH7.8CVE-2014-9627The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operatio…from 0, < 2.2.0~rc2-2
- from 0, < 2.2.0~rc2-2
- from 0, < 2.0.3-5+deb7u2
- HIGH7.8CVE-2019-14970A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow…from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14778The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14777The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14776A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14533The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14535A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1.from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14498A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1.from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14438A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to…from 0, < 3.0.8-1
- HIGH7.8CVE-2019-14437The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly.from 0, < 3.0.8-1
- from 0, < 3.0.8-0+deb9u1
- from 0, < 3.0.7.1-2
- HIGH7.8CVE-2017-9301plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (i…from 0, < 2.2.5.1-1
- HIGH7.8CVE-2017-9300plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption a…from 0, < 2.2.6-3
- HIGH7.8CVE-2017-8311Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows att…from 0, < 2.2.5-1
- HIGH7.5CVE-2023-47360Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.from 0, < 3.0.20-0+deb11u1
- HIGH7.5CVE-2021-25804A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.from 0, < 3.0.12-1
- HIGH7.5CVE-2020-6080An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- HIGH7.5CVE-2020-6079An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- HIGH7.5CVE-2020-6078An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- HIGH7.5CVE-2020-6077An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- HIGH7.5CVE-2020-6073An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- HIGH7.5CVE-2020-6071An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0.from 0, < 3.0.8-4
- HIGH7.1CVE-2021-25803A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an…from 0, < 3.0.12-1
- HIGH7.1CVE-2021-25802A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-o…from 0, < 3.0.12-1
- from 0, < 3.0.12-1
- from 0, < 3.0.11-0+deb9u2
- HIGH7.1CVE-2019-5459An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.from 0, < 3.0.7-1
- MEDIUM6.5CVE-2019-5439A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.from 0, < 3.0.7-1
- MEDIUM6.3CVE-2013-3245plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial…from 0, < 2.0.7-1
- MEDIUM6.1CVE-2013-3565Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers…from 0, < 2.0.7-1
- MEDIUM5.5CVE-2019-14534In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to…from 0, < 3.0.8-1
- from 0, < 3.0.7-1
- MEDIUM5.5CVE-2017-8313Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data be…from 0, < 2.2.5-1
- MEDIUM5.5CVE-2017-8312Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data v…from 0, < 2.2.6-1~deb9u1
- from 0, < 2.2.6-1~deb8u1
- from 0, < 2.2.5.1-1~deb9u1
- MEDIUM5.5CVE-2016-3941Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to ca…from 0, < 2.2.0-1
- MEDIUM5.3CVE-2013-3564The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings…from 0, < 2.0.7-1
- from 0, < 3.0.22-0+deb12u1
- from 0, < 3.0.23-0+deb11u1
- from 0, < 3.0.23-0+deb11u1
- from 0, < 2.2.0~rc2-2+deb8u1
- from 0, < 2.2.1-3
- —CVE-2014-9743Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Play…from 0, < 2.2.0~rc2-1
- —CVE-2011-3623Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a…from 0, < 1.1.3-1
- from 0, < 1.0.1-1
- from 0, < 0.8.6.h-4+lenny2.3
- —CVE-2010-1445Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application cras…from 0, < 1.0.6-1
- —CVE-2010-1444The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory…from 0, < 1.0.6-1
- —CVE-2010-1443The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows…from 0, < 1.0.6-1
- —CVE-2010-1442VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) o…from 0, < 1.0.6-1
- —CVE-2010-1441Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (applica…from 0, < 1.0.6-1
- —CVE-2013-7340VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist fil…from 0, < 2.2.0~rc2-1
- —CVE-2014-1684The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allo…from 0, < 2.1.4-1
- from 0, < 2.0.3-5+deb7u2
- from 0, < 2.1.4-1
- —CVE-2013-6283VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod…from 0, < 2.1.0-2
- —CVE-2013-4388Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers…from 0, < 2.1.0-1
- —CVE-2013-1954The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of servi…from 0, < 2.0.6-1
- from 0, < 2.0.5-1
- from 0, < 2.0.3-5+deb7u1
- —CVE-2012-0023Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows r…from 0, < 1.1.13-1
- —CVE-2012-5470libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG…from 0, < 2.0.4-1
- —CVE-2012-3377Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.…from 0, < 2.0.2-1
- —CVE-2012-1776Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (applica…from 0, < 2.0.1-1
- —CVE-2012-1775Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:/…from 0, < 2.0.1-1
- —CVE-2011-2588Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 all…from 0, < 1.1.11-1
- —CVE-2011-2587Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.…from 0, < 1.1.11-1
- from 0, < 1.1.10-1
- from 0, < 1.1.3-1squeeze6
- from 0, < 1.1.8-3
- from 0, < 1.1.3-1squeeze5
- —CVE-2011-1087Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption an…from 0, < 1.1.10-1
- —CVE-2010-3276libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an…from 0, < 1.1.8-1
- from 0, < 1.1.3-1squeeze4
- from 0, < 1.1.8-1
- from 0, < 1.1.7-1
- from 0, < 1.1.3-1squeeze3
- —CVE-2011-0522The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf…from 0, < 1.1.3-1squeeze2
- —CVE-2011-0021Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause…from 0, < 1.1.3-1squeeze2
- —CVE-2010-3907Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a…from 0, < 1.1.3-1squeeze1
- —CVE-2010-2937The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly proces…from 0, < 1.1.3-1
- —CVE-2010-0364Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg f…from 0, < 0.8.6.c-4.1
- —CVE-2009-1045requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argum…from 0, < 0.9.9a-1
- —CVE-2008-5276Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows…from 0, < 0.9.8a-1
- —CVE-2008-5036Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code v…from 0, < 1.0.3-1
- from 0, < 0.8.6.h-5
- from 0, < 0.8.6.h-4+lenny2
- from 0, < 0.8.6.h-4+lenny1
- from 0, < 0.8.6.h-4.1
- —CVE-2008-4654Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.…from 0, < 1.0.3-1
- —CVE-2008-4558Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF pl…from 0, < 0.9.3-1
- —CVE-2008-3794Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attacker…from 0, < 0.8.6.h-4
- from 0, < 0.8.6.h-1+lenny1
- from 0, < 0.8.6.h-2
- from 0, < 0.8.6.h-1
- from 0, < 0.8.6.e-2.3+lenny1
- —CVE-2008-2147Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under…from 0, < 0.8.6.e-2.2
- —CVE-2008-1769VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds arr…from 0, < 0.8.6.e-2.1
- from 0, < 0.8.6.e-2.1
- from 0, < 0.8.6-svn20061012.debian-5.1+etch3
- from 0, < 0.8.6.c-6+lenny4
- —CVE-2008-1881Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary…from 0, < 0.8.6.e-2.1
- —CVE-2008-1489Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) a…from 0, < 0.8.6.e-1.1
- from 0, < 0.8.6.c-6+lenny3
- from 0, < 0.8.6.e-2
- from 0, < 0.8.6.c-6+lenny1
- from 0, < 0.8.6.e-1
- from 0, < 0.8.6.c-4.1
- from 0, < 0.8.6-svn20061012.debian-5.1+etch2
- from 0, < 0.8.6.c-6+lenny5
- —CVE-2007-6682Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute…from 0, < 0.8.6.c-4.1
- from 0, < 0.8.6.c-4.1
- —CVE-2007-6684The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport param…from 0, < 0.8.6.c-4.1
- —CVE-2008-0296Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote R…from 0, < 0.8.6.c-6
- from 0, < 0.8.6.c-6
- from 0, < 0.8.6.c-4.1~lenny2
- —CVE-2007-3467Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a deni…from 0, < 0.8.6.c-1
- —CVE-2007-3468input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that…from 0, < 0.8.6.c.debian-1
- from 0, < 0.8.6.c-1
- from 0, < 0.8.1.svn20050314-1sarge3
- —CVE-2007-0256VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.from 0, < 0.8.6.c-1
- from 0, < 0.8.1.svn20050314-1sarge2
- from 0, < 0.8.6-svn20061012.debian-1.2
- from 0, < 0.8.4.debian-2
- from 0, < 0.8.1.svn20050314-1sarge1