pkg:Debian/vlc

All known vulnerabilities

• CRITICAL9.8CVE-2023-47359vlc - security update
  from 0, < 3.0.20-0+deb11u1
• CRITICAL9.8CVE-2023-47359vlc - security update
  from 0, < 3.0.20-0+deb10u1
• CRITICAL9.8CVE-2023-47359vlc - security update
  from 0, < 3.0.20-0+deb11u1
• CRITICAL9.8An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• CRITICAL9.8lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it d…
  from 0, < 3.0.8-1
• CRITICAL9.8vlc - security update
  from 0, < 3.0.7-1
• CRITICAL9.8vlc - security update
  from 0, < 3.0.7-0+deb9u1
• CRITICAL9.8vlc - security update
  from 0, < 2.2.6-3
• CRITICAL9.8vlc - security update
  from 0, < 2.2.7-1~deb8u1
• CRITICAL9.8VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
  from 0, < 2.1.5-1
• CRITICAL9.8vlc - security update
  from 0, < 2.2.4-1~deb8u1
• CRITICAL9.8vlc - security update
  from 0, < 2.2.3-2
• CRITICAL9.1vlc - security update
  from 0, < 3.0.6-0+deb9u1
• CRITICAL9.1vlc - security update
  from 0, < 3.0.4-4
• HIGH8.8The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial…
  from 0, < 3.0.2-1
• HIGH8.8vlc - security update
  from 0, < 3.0.2-0+deb9u1
• HIGH8.8vlc - security update
  from 0, < 3.0.0~rc2-1
• HIGH8.0vlc - security update
  from 0, < 3.0.21-0+deb11u1
• HIGH8.0vlc - security update
  from 0, < 3.0.21-0+deb11u1
• HIGH8.0vlc - security update
  from 0, < 3.0.3-1-1
• HIGH8.0vlc - security update
  from 0, < 3.0.3-1-0+deb9u1
• HIGH7.8vlc - security update
  from 0, < 3.0.18-0+deb11u1
• HIGH7.8vlc - security update
  from 0, < 3.0.18-0+deb11u1
• HIGH7.8vlc - security update
  from 0, < 3.0.17.4-0+deb10u2
• HIGH7.8vlc - security update
  from 0, < 3.0.12-0+deb9u1
• HIGH7.8vlc - security update
  from 0, < 3.0.12-0+deb10u1
• HIGH7.8vlc - security update
  from 0, < 3.0.12-1
• HIGH7.8vlc - security update
  from 0, < 3.0.11-0+deb9u1
• HIGH7.8vlc - security update
  from 0, < 3.0.11-1
• HIGH7.8vlc - security update
  from 0, < 3.0.9.2-1
• HIGH7.8vlc - security update
  from 0, < 3.0.10-0+deb9u1
• HIGH7.8The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation app…
  from 0, < 2.2.0~rc2-2
• HIGH7.8Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 al…
  from 0, < 2.2.0~rc2-2
• HIGH7.8The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger…
  from 0, < 2.2.0~rc2-2
• HIGH7.8The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operatio…
  from 0, < 2.2.0~rc2-2
• HIGH7.8vlc - security update
  from 0, < 2.2.0~rc2-2
• HIGH7.8vlc - security update
  from 0, < 2.0.3-5+deb7u2
• HIGH7.8A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow…
  from 0, < 3.0.8-1
• HIGH7.8The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
  from 0, < 3.0.8-1
• HIGH7.8The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
  from 0, < 3.0.8-1
• HIGH7.8A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
  from 0, < 3.0.8-1
• HIGH7.8The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
  from 0, < 3.0.8-1
• HIGH7.8A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1.
  from 0, < 3.0.8-1
• HIGH7.8A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1.
  from 0, < 3.0.8-1
• HIGH7.8A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to…
  from 0, < 3.0.8-1
• HIGH7.8The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly.
  from 0, < 3.0.8-1
• HIGH7.8vlc - security update
  from 0, < 3.0.8-0+deb9u1
• HIGH7.8vlc - security update
  from 0, < 3.0.7.1-2
• HIGH7.8plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (i…
  from 0, < 2.2.5.1-1
• HIGH7.8plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption a…
  from 0, < 2.2.6-3
• HIGH7.8Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows att…
  from 0, < 2.2.5-1
• HIGH7.5Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
  from 0, < 3.0.20-0+deb11u1
• HIGH7.5A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
  from 0, < 3.0.12-1
• HIGH7.5An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• HIGH7.5An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• HIGH7.5An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• HIGH7.5An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• HIGH7.5An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• HIGH7.5An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0.
  from 0, < 3.0.8-4
• HIGH7.1A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an…
  from 0, < 3.0.12-1
• HIGH7.1A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-o…
  from 0, < 3.0.12-1
• HIGH7.1vlc - security update
  from 0, < 3.0.12-1
• HIGH7.1vlc - security update
  from 0, < 3.0.11-0+deb9u2
• HIGH7.1An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
  from 0, < 3.0.7-1
• MEDIUM6.5A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
  from 0, < 3.0.7-1
• MEDIUM6.3plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial…
  from 0, < 2.0.7-1
• MEDIUM6.1Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers…
  from 0, < 2.0.7-1
• MEDIUM5.5In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to…
  from 0, < 3.0.8-1
• MEDIUM5.5Double Free in VLC versions <= 3.0.6 leads to a crash.
  from 0, < 3.0.7-1
• MEDIUM5.5Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data be…
  from 0, < 2.2.5-1
• MEDIUM5.5Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data v…
  from 0, < 2.2.6-1~deb9u1
• MEDIUM5.5vlc - security update
  from 0, < 2.2.6-1~deb8u1
• MEDIUM5.5vlc - security update
  from 0, < 2.2.5.1-1~deb9u1
• MEDIUM5.5Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to ca…
  from 0, < 2.2.0-1
• MEDIUM5.3The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings…
  from 0, < 2.0.7-1
• MEDIUM4.8vlc - security update
  from 0, < 3.0.22-0+deb12u1
• MEDIUM4.8vlc - security update
  from 0, < 3.0.23-0+deb11u1
• MEDIUM4.8vlc - security update
  from 0, < 3.0.23-0+deb11u1
• —vlc - security update
  from 0, < 2.2.0~rc2-2+deb8u1
• —vlc - security update
  from 0, < 2.2.1-3
• —Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Play…
  from 0, < 2.2.0~rc2-1
• —Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a…
  from 0, < 1.1.3-1
• —mplayer - arbitrary code execution
  from 0, < 1.0.1-1
• —mplayer - arbitrary code execution
  from 0, < 0.8.6.h-4+lenny2.3
• —Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application cras…
  from 0, < 1.0.6-1
• —The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory…
  from 0, < 1.0.6-1
• —The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows…
  from 0, < 1.0.6-1
• —VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) o…
  from 0, < 1.0.6-1
• —Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (applica…
  from 0, < 1.0.6-1
• —VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist fil…
  from 0, < 2.2.0~rc2-1
• —The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allo…
  from 0, < 2.1.4-1
• —liblivemedia - security update
  from 0, < 2.0.3-5+deb7u2
• —liblivemedia - security update
  from 0, < 2.1.4-1
• —VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod…
  from 0, < 2.1.0-2
• —Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers…
  from 0, < 2.1.0-1
• —The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of servi…
  from 0, < 2.0.6-1
• —vlc - security update
  from 0, < 2.0.5-1
• —vlc - security update
  from 0, < 2.0.3-5+deb7u1
• —Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows r…
  from 0, < 1.1.13-1
• —libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG…
  from 0, < 2.0.4-1
• —Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.…
  from 0, < 2.0.2-1
• —Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (applica…
  from 0, < 2.0.1-1
• —Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:/…
  from 0, < 2.0.1-1
• —Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 all…
  from 0, < 1.1.11-1
• —Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.…
  from 0, < 1.1.11-1
• —vlc - buffer overflow
  from 0, < 1.1.10-1
• —vlc - buffer overflow
  from 0, < 1.1.3-1squeeze6
• —vlc - heap-based buffer overflow
  from 0, < 1.1.8-3
• —vlc - heap-based buffer overflow
  from 0, < 1.1.3-1squeeze5
• —Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption an…
  from 0, < 1.1.10-1
• —libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an…
  from 0, < 1.1.8-1
• —vlc - missing input sanitising
  from 0, < 1.1.3-1squeeze4
• —vlc - missing input sanitising
  from 0, < 1.1.8-1
• —vlc - missing input sanitising
  from 0, < 1.1.7-1
• —vlc - missing input sanitising
  from 0, < 1.1.3-1squeeze3
• —The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf…
  from 0, < 1.1.3-1squeeze2
• —Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause…
  from 0, < 1.1.3-1squeeze2
• —Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a…
  from 0, < 1.1.3-1squeeze1
• —The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly proces…
  from 0, < 1.1.3-1
• —Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg f…
  from 0, < 0.8.6.c-4.1
• —requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argum…
  from 0, < 0.9.9a-1
• —Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows…
  from 0, < 0.9.8a-1
• —Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code v…
  from 0, < 1.0.3-1
• —vlc - buffer overflows
  from 0, < 0.8.6.h-5
• —vlc - buffer overflows
  from 0, < 0.8.6.h-4+lenny2
• —vlc - integer overflows
  from 0, < 0.8.6.h-4+lenny1
• —vlc - integer overflows
  from 0, < 0.8.6.h-4.1
• —Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.…
  from 0, < 1.0.3-1
• —Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF pl…
  from 0, < 0.9.3-1
• —Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attacker…
  from 0, < 0.8.6.h-4
• —vlc - several integer overflows
  from 0, < 0.8.6.h-1+lenny1
• —vlc - several integer overflows
  from 0, < 0.8.6.h-2
• —vlc - heap-based buffer overflow
  from 0, < 0.8.6.h-1
• —vlc - heap-based buffer overflow
  from 0, < 0.8.6.e-2.3+lenny1
• —Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under…
  from 0, < 0.8.6.e-2.2
• —VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds arr…
  from 0, < 0.8.6.e-2.1
• —vlc - multiple vulnerabilities
  from 0, < 0.8.6.e-2.1
• —vlc - multiple vulnerabilities
  from 0, < 0.8.6-svn20061012.debian-5.1+etch3
• —vlc - multiple vulnerabilities
  from 0, < 0.8.6.c-6+lenny4
• —Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary…
  from 0, < 0.8.6.e-2.1
• —Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) a…
  from 0, < 0.8.6.e-1.1
• —xine-lib - multiple vulnerabilities
  from 0, < 0.8.6.c-6+lenny3
• —xine-lib - multiple vulnerabilities
  from 0, < 0.8.6.e-2
• —vlc - arbitrary code execution
  from 0, < 0.8.6.c-6+lenny1
• —vlc - arbitrary code execution
  from 0, < 0.8.6.e-1
• —vlc - multiple vulnerabilities
  from 0, < 0.8.6.c-4.1
• —vlc - several vulnerabilities
  from 0, < 0.8.6-svn20061012.debian-5.1+etch2
• —vlc - multiple vulnerabilities
  from 0, < 0.8.6.c-6+lenny5
• —Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute…
  from 0, < 0.8.6.c-4.1
• —vlc - several vulnerabilities
  from 0, < 0.8.6.c-4.1
• —The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport param…
  from 0, < 0.8.6.c-4.1
• —Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote R…
  from 0, < 0.8.6.c-6
• —vlc - buffer overflows
  from 0, < 0.8.6.c-6
• —vlc - buffer overflows
  from 0, < 0.8.6.c-4.1~lenny2
• —Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a deni…
  from 0, < 0.8.6.c-1
• —input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that…
  from 0, < 0.8.6.c.debian-1
• —vlc
  from 0, < 0.8.6.c-1
• —vlc
  from 0, < 0.8.1.svn20050314-1sarge3
• —VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
  from 0, < 0.8.6.c-1
• —vlc
  from 0, < 0.8.1.svn20050314-1sarge2
• —vlc
  from 0, < 0.8.6-svn20061012.debian-1.2
• —ffmpeg - buffer overflow
  from 0, < 0.8.4.debian-2
• —ffmpeg - buffer overflow
  from 0, < 0.8.1.svn20050314-1sarge1