Shodan
Vulnerabilities
Vulnerable Software
Videolan:  Security Vulnerabilities
CVE-2019-14438
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-29
CVE-2019-14498
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-29
CVE-2019-14535
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-29
CVE-2019-5459
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
CVSS Score
7.1
EPSS Score
0.009
Published
2019-07-30
CVE-2019-5460
Double Free in VLC versions <= 3.0.6 leads to a crash.
CVSS Score
5.5
EPSS Score
0.007
Published
2019-07-30
CVE-2019-13962
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
CVSS Score
9.8
EPSS Score
0.019
Published
2019-07-18
CVE-2019-13615
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-07-16
CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
CVSS Score
7.8
EPSS Score
0.005
Published
2019-07-14
CVE-2019-12874
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVSS Score
9.8
EPSS Score
0.025
Published
2019-06-18
CVE-2019-5439
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVSS Score
6.5
EPSS Score
0.158
Published
2019-06-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved