Videolan: >> Vlc Media Player Security Vulnerabilities
The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-07-10
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.
CVSS Score
9.3
EPSS Score
0.092
Published
2012-10-30
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
CVSS Score
4.3
EPSS Score
0.143
Published
2012-10-26
Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.
CVSS Score
6.8
EPSS Score
0.039
Published
2012-07-12
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
CVSS Score
4.3
EPSS Score
0.068
Published
2012-04-19
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
CVSS Score
9.3
EPSS Score
0.623
Published
2012-03-19
Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.
CVSS Score
9.3
EPSS Score
0.041
Published
2012-03-19
VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.
CVSS Score
4.3
EPSS Score
0.214
Published
2012-01-20
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
CVSS Score
6.8
EPSS Score
0.032
Published
2011-07-27
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
CVSS Score
6.8
EPSS Score
0.032
Published
2011-07-27