Videolan: >> Vlc Media Player >> 2.2.1 Security Vulnerabilities
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-05-23
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.
CVSS Score
9.8
EPSS Score
0.27
Published
2016-06-08
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.
CVSS Score
6.8
EPSS Score
0.07
Published
2015-08-25
Page 3