VideoLAN VLC Media Player: Security Vulnerabilities
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
CVSS Score: 7.1 | EPSS Score: 0.004 | Published: 2019-07-30
Double Free in VLC versions <= 3.0.6 leads to a crash.
CVSS Score: 5.5 | EPSS Score: 0.004 | Published: 2019-07-30
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
CVSS Score: 9.8 | EPSS Score: 0.016 | Published: 2019-07-18
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2019-07-16
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2019-07-14
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2019-06-18
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVSS Score: 6.5 | EPSS Score: 0.045 | Published: 2019-06-13
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
CVSS Score: 9.1 | EPSS Score: 0.016 | Published: 2018-12-05
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
CVSS Score: 8.0 | EPSS Score: 0.745 | Published: 2018-07-11
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2018-05-28