CVE search results

61 – 70 of 153 results

Detailed view

Sort by:

CVE-2017-8311

Medium priority

Some fixes available 3 of 4

Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	—	—	—	—

CVE-2017-8310

Medium priority

Some fixes available 3 of 4

Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service)...

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	—	—	—	—

CVE-2017-17670

Medium priority

Vulnerable

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a...

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	Not affected	Not affected	Not affected	Not affected

CVE-2017-17081

Low priority

Some fixes available 1 of 28

The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read)...

6 affected packages

chromium-browser, ffmpeg, qtwebengine-opensource-src, gst-libav1.0, oxide-qt, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
chromium-browser	Not affected	Not affected	Not in release	Not affected
ffmpeg	Not affected	Not affected	Not affected	Not affected
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
gst-libav1.0	Not affected	Not affected	Not affected	Not affected
oxide-qt	Not in release	Not in release	Not in release	Not in release
vlc	Not affected	Not affected	Not affected	Not affected

CVE-2017-10699

Medium priority

Some fixes available 3 of 4

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	—	—	—	Not affected

CVE-2016-5637

Medium priority

Needs evaluation

The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a...

5 affected packages

chromium-browser, ffmpeg, oxide-qt, vlc, gst-libav1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
chromium-browser	Not affected	Not affected	Not in release	Not affected
ffmpeg	Not affected	Not affected	Not affected	Not affected
oxide-qt	Not in release	Not in release	Not in release	Not in release
vlc	Not affected	Not affected	Not affected	Not affected
gst-libav1.0	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2016-5108

Medium priority

Some fixes available 2 of 5

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted...

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	—	—	—	—

CVE-2016-3941

Medium priority

Some fixes available 1 of 2

Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	—	—	—	—

CVE-2015-5949

Medium priority

Ignored

VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

1 affected package

vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
vlc	—	—	—	—

CVE-2015-1208

Medium priority

Ignored

Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

4 affected packages

ffmpeg, libav, mplayer, vlc

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ffmpeg	—	—	—	Not affected
libav	—	—	—	Not in release
mplayer	—	—	—	Not affected
vlc	—	—	—	Not affected

Export to JSON

Results by page:

Search CVE reports