cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25467,https://securityvulnerability.io/vulnerability/CVE-2025-25467,Memory Management Vulnerability in libx264 Affects VideoLAN,"A significant memory management vulnerability in the libx264 component of VideoLAN allows attackers to exploit insufficient tracking and releasing of allocated memory. This vulnerability can be triggered through a specially crafted AAC file, leading to potential arbitrary code execution. It highlights the importance of secure memory management practices to mitigate such risks.",VideoLAN,libx264,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-18T00:00:00.000Z,0
CVE-2024-1580,https://securityvulnerability.io/vulnerability/CVE-2024-1580,Memory Corruption in dav1d AV1 Decoder Due to Integer Overflow,"An integer overflow vulnerability present in the dav1d AV1 decoder can arise when decoding videos with large frame sizes, potentially resulting in memory corruption within the decoder. This flaw poses a significant risk as it may disrupt normal operations of the affected software and compromise system integrity. Users are strongly advised to upgrade to versions beyond 1.4.0 to mitigate the risks associated with this vulnerability.",Videolan,Dav1d,8.8,HIGH,0.0028800000436604023,false,,true,false,true,2024-03-26T20:42:26.000Z,,true,false,,2024-02-19T10:34:55.113Z,3420
CVE-2023-46814,https://securityvulnerability.io/vulnerability/CVE-2023-46814,Binary Hijacking Vulnerability in VideoLAN VLC Media Player,"A binary hijacking vulnerability found in VideoLAN VLC Media Player prior to version 3.0.19 for Windows allows standard users to execute arbitrary code with elevated SYSTEM privileges. This occurs due to the uninstaller executing code from a user-writable directory, creating a significant security risk. Users of affected versions should consider upgrading to the latest version to mitigate this risk.",Videolan,Vlc Media Player,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-22T05:15:00.000Z,0
CVE-2023-47359,https://securityvulnerability.io/vulnerability/CVE-2023-47359,Heap-Based Buffer Overflow in VLC Media Player by VideoLAN,"Prior to version 3.0.20, VLC Media Player by VideoLAN contains an improper offset read that can trigger a heap-based buffer overflow in the GetPacket() function. This flaw can lead to memory corruption, potentially allowing attackers to exploit the vulnerability for malicious purposes. Users are encouraged to update to the latest version to mitigate this risk.",Videolan,Vlc Media Player,9.8,CRITICAL,0.0016400000313296914,false,,false,false,false,,,false,false,,2023-11-07T00:00:00.000Z,0
CVE-2023-47360,https://securityvulnerability.io/vulnerability/CVE-2023-47360,Integer Underflow in VLC Media Player by Videolan,Videolan VLC Media Player prior to version 3.0.20 is susceptible to an integer underflow vulnerability that could potentially lead to processing errors related to packet lengths. Exploiting this flaw may allow an attacker to manipulate media streams in ways that could compromise application stability or expose sensitive data.,Videolan,Vlc Media Player,7.5,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-11-07T00:00:00.000Z,0
CVE-2022-41325,https://securityvulnerability.io/vulnerability/CVE-2022-41325,Integer Overflow Vulnerability in VNC Module of VideoLAN VLC Media Player,"The VNC module in VideoLAN VLC Media Player contains an integer overflow flaw that can be exploited when a user is deceived into loading a malicious playlist or connecting to an untrusted VNC server. This condition could potentially lead to application crashes or, under certain circumstances, remote code execution. Users of affected versions, particularly those prior to 3.0.17.4, are advised to remain vigilant and update their software to mitigate risk.",Videolan,Vlc Media Player,7.8,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2022-12-06T00:00:00.000Z,0
CVE-2021-25804,https://securityvulnerability.io/vulnerability/CVE-2021-25804,Denial of Service Vulnerability in VLC Media Player by VideoLAN,"A NULL-pointer dereference issue exists in the 'Open' function within 'avi.c' of VLC Media Player version 3.0.11. This vulnerability can lead to a denial of service, causing the application to crash unexpectedly when the affected function is invoked. Users of VLC Media Player are advised to update to the latest version to mitigate potential service disruptions.",Videolan,Vlc Media Player,7.5,HIGH,0.0010300000431016088,false,,false,false,true,2022-05-23T20:58:56.000Z,true,false,false,,2021-07-26T16:26:59.000Z,0
CVE-2021-25803,https://securityvulnerability.io/vulnerability/CVE-2021-25803,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A buffer overflow vulnerability exists in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11. It allows attackers to exploit the software by executing a crafted .avi file, which can lead to an out-of-bounds read. This could enable an attacker to access sensitive information or disrupt application functionality.",Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2021-07-26T16:26:58.000Z,0
CVE-2021-25802,https://securityvulnerability.io/vulnerability/CVE-2021-25802,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,A buffer overflow vulnerability exists in the AVI_ExtractSubtitle component of VideoLAN's VLC Media Player version 3.0.11. This flaw can be exploited by attackers to perform an out-of-bounds read by using a specially crafted .avi file. Such exploitation may lead to unexpected behavior or potential data leaks. Users are urged to update to the latest version to mitigate risks associated with this vulnerability.,Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2021-07-26T16:26:57.000Z,0
CVE-2021-25801,https://securityvulnerability.io/vulnerability/CVE-2021-25801,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A buffer overflow vulnerability exists in the __Parse_indx component of VideoLAN's VLC Media Player (version 3.0.11). This flaw allows attackers to exploit vulnerabilities in crafted .avi files, enabling potential out-of-bounds reads. Attackers can leverage this vulnerability to manipulate or disrupt media playback, posing security risks to users. Users are encouraged to update their VLC Media Player to mitigate any associated risks.",Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,,false,false,true,2022-04-21T20:41:18.000Z,true,false,false,,2021-07-26T16:26:55.000Z,0
CVE-2020-26664,https://securityvulnerability.io/vulnerability/CVE-2020-26664,Heap-based Buffer Overflow in VideoLAN VLC Media Player,"A vulnerability exists within the EbmlTypeDispatcher::send function of VLC Media Player, specifically in version 3.0.11. Malicious actors can exploit this vulnerability by crafting a specially designed .mkv file, leading to a heap-based buffer overflow. This condition can allow them to execute arbitrary code, posing significant risks to the integrity of user systems. Users of VLC Media Player are advised to apply necessary updates to mitigate the impact of this vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2021-01-08T17:40:41.000Z,0
CVE-2020-13428,https://securityvulnerability.io/vulnerability/CVE-2020-13428,Heap-Based Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A vulnerability exists in the hxxx_AnnexB_to_xVC function located within the modules/packetizer/hxxx_nal.c file of VideoLAN's VLC media player, specifically affecting versions prior to 3.0.11 on macOS and iOS platforms. This vulnerability can be exploited by remote attackers through specially crafted H.264 Annex-B video files, such as those with an .avi extension. Successful exploitation may lead to application crashes or could potentially allow attackers to execute arbitrary code on the affected systems.",Videolan,Vlc Media Player,7.8,HIGH,0.005530000198632479,false,,false,false,false,,,false,false,,2020-06-08T18:13:04.000Z,0
CVE-2019-19721,https://securityvulnerability.io/vulnerability/CVE-2019-19721,Off-by-One Error in VideoLAN VLC Media Player Affecting Image Handling,"An off-by-one error exists in the DecodeBlock function within the codec/sdl_image.c file of VideoLAN's VLC media player, versions prior to 3.0.9. This flaw allows malicious actors to exploit crafted image files to trigger memory corruption, leading to potential denial of service. Users of affected versions are advised to update their software to mitigate risks associated with this vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.0035200000274926424,false,,false,false,false,,,false,false,,2020-05-15T17:28:23.000Z,0
CVE-2014-9625,https://securityvulnerability.io/vulnerability/CVE-2014-9625,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A flaw exists in the GetUpdateFile function within the Updater component of VideoLAN's VLC media player prior to version 2.1.6, which improperly casts a 64-bit integer to a 32-bit integer. This integer truncation vulnerability can be exploited by attackers to trigger buffer overflow attacks. By crafting a malicious update status file, attackers could execute arbitrary code in the context of the application, posing a significant security risk for users of affected versions.",Videolan,Vlc Media Player,7.8,HIGH,0.006909999996423721,false,,false,false,false,,,false,false,,2020-01-24T21:57:29.000Z,0
CVE-2014-9626,https://securityvulnerability.io/vulnerability/CVE-2014-9626,Integer Underflow Vulnerability in VLC Media Player by VideoLAN,"An integer underflow vulnerability exists in the MP4_ReadBox_String function within the VLC Media Player, specifically in the demux module. An attacker could exploit this vulnerability by providing a crafted MP4 file with a box size less than 7, which may lead to denial of service conditions. The potentially exploitable flaw could also result in other unspecified impacts, affecting the functionality and stability of the player, particularly prior to version 2.1.6. Users are advised to update their VLC Media Player to the latest version to mitigate risks.",Videolan,Vlc Media Player,7.8,HIGH,0.003010000102221966,false,,false,false,false,,,false,false,,2020-01-24T21:57:25.000Z,0
CVE-2014-9627,https://securityvulnerability.io/vulnerability/CVE-2014-9627,Denial of Service Vulnerability in VideoLAN VLC Media Player,"The vulnerability arises from the MP4_ReadBox_String function in the VLC media player, where an improper cast from a 64-bit integer to a 32-bit integer can lead to denial of service. Attackers could exploit this flaw by manipulating the size of box data, potentially causing the application to crash or behave unexpectedly. Keeping VLC Media Player updated is essential to protect against such risks.",Videolan,Vlc Media Player,7.8,HIGH,0.003010000102221966,false,,false,false,false,,,false,false,,2020-01-24T21:57:23.000Z,0
CVE-2014-9628,https://securityvulnerability.io/vulnerability/CVE-2014-9628,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A buffer overflow vulnerability exists in the MP4_ReadBox_String function within the VideoLAN VLC Media Player prior to version 2.1.6. This flaw allows attackers to exploit crafted MP4 files, potentially triggering an unintended zero-size memory allocation, leading to buffer overflow attacks. Successful exploitation could permit malicious actors to execute arbitrary code on the target system, posing a significant security risk.",Videolan,Vlc Media Player,7.8,HIGH,0.006519999820739031,false,,false,false,false,,,false,false,,2020-01-24T21:57:20.000Z,0
CVE-2014-9629,https://securityvulnerability.io/vulnerability/CVE-2014-9629,Integer Overflow Vulnerability in VideoLAN VLC Media Player,"The VLC Media Player contains an integer overflow vulnerability within the Encode function located in modules/codec/schroedinger.c. This flaw allows remote attackers to exploit crafted input length values, resulting in buffer overflow attacks. Consequently, this can lead to arbitrary code execution on the victim's system, posing a serious security risk for users of affected VLC versions.",Videolan,Vlc Media Player,7.8,HIGH,0.006300000008195639,false,,false,false,false,,,false,false,,2020-01-24T21:57:17.000Z,0
CVE-2014-9630,https://securityvulnerability.io/vulnerability/CVE-2014-9630,Denial of Service Vulnerability in VideoLAN VLC Media Player,"The rtp_packetize_xiph_config function in the VLC media player prior to version 2.1.6 uses stack allocation driven by user-controlled input. This flaw can be exploited by remote attackers who craft malicious length values, potentially leading to memory corruption and denial of service. Protect your systems by ensuring your software is updated to mitigate risks associated with this vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.00279999990016222,false,,false,false,false,,,false,false,,2020-01-24T21:57:14.000Z,0
CVE-2019-18278,https://securityvulnerability.io/vulnerability/CVE-2019-18278,Code Flow Manipulation Vulnerability in VLC Media Player by VideoLAN,"A vulnerability in VLC Media Player 3.0.8 allows for code flow manipulation due to a faulting address when executed with libqt on Windows. This flaw results in potential security risks, as maliciously crafted data may influence program behavior. The VideoLAN security team has noted that they have yet to receive reports or reproduction steps for this issue, highlighting the importance of user awareness and security practices.",Videolan,Vlc Media Player,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2019-10-23T13:22:26.000Z,0
CVE-2019-14970,https://securityvulnerability.io/vulnerability/CVE-2019-14970,Heap-Based Buffer Overflow in VideoLAN VLC Media Player,"A vulnerability exists in VideoLAN's VLC Media Player 3.0.7.1, where a crafted .mkv file can lead to a heap-based buffer overflow. This flaw allows remote attackers to execute arbitrary code, potentially compromising the affected system. Users are urged to update their VLC installations to mitigate the risk associated with this vulnerability. Several advisories from Debian, Ubuntu, Gentoo, and openSUSE have been published outlining the details and providing guidance for addressing this issue.",Videolan,Vlc Media Player,7.8,HIGH,0.002959999954327941,false,,false,false,false,,,false,false,,2019-08-29T18:55:11.000Z,0
CVE-2019-14777,https://securityvulnerability.io/vulnerability/CVE-2019-14777,Use-After-Free Vulnerability in VideoLAN VLC Media Player,"The VLC Media Player, specifically version 3.0.7.1, has a vulnerability in its Control function located in demux/mkv/mkv.cpp that can lead to a use-after-free condition. This vulnerability allows an attacker to potentially execute arbitrary code or crash the application, thereby compromising the security of systems running this version. Users are strongly recommended to update their VLC Media Player to mitigate this risk. Security patches addressing this issue have been issued by VideoLAN and various Linux distributions.",Videolan,Vlc Media Player,7.8,HIGH,0.003060000017285347,false,,false,false,false,,,false,false,,2019-08-29T18:53:08.000Z,0
CVE-2019-14778,https://securityvulnerability.io/vulnerability/CVE-2019-14778,Use-After-Free Vulnerability in VLC Media Player by VideoLAN,"A use-after-free vulnerability exists in the mkv::virtual_segment_c::seek method of the VLC Media Player, specifically in the file demux/mkv/virtual_segment.cpp. This issue can potentially allow an attacker to execute arbitrary code, impacting the application's stability and the user's system integrity. Users are advised to update to the latest version to mitigate the risk associated with this vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.003060000017285347,false,,false,false,false,,,false,false,,2019-08-29T18:47:41.000Z,0
CVE-2019-14776,https://securityvulnerability.io/vulnerability/CVE-2019-14776,Heap-Based Buffer Over-Read in VideoLAN VLC Media Player,"A heap-based buffer over-read vulnerability in the DemuxInit() function of VideoLAN's VLC media player can be exploited by a specially crafted .mkv file. When a user opens such a malformed file, it could lead to unexpected behavior, potentially exposing sensitive data or allowing for execution of arbitrary code. This vulnerability highlights the need for timely updates and vigilance in media file management to safeguard against potential exploits.",Videolan,Vlc Media Player,7.8,HIGH,0.002099999925121665,false,,false,false,false,,,false,false,,2019-08-29T18:45:48.000Z,0
CVE-2019-14533,https://securityvulnerability.io/vulnerability/CVE-2019-14533,Use-After-Free Vulnerability in VideoLAN VLC Media Player by VideoLAN,"The Control function in demux/asf/asf.c of VLC Media Player version 3.0.7.1 contains a use-after-free vulnerability that could be exploited to potentially execute arbitrary code and compromise the system. This vulnerability arises when the application improperly manages memory, resulting in access to freed memory, which may lead to unexpected behaviors. Users are advised to update to the latest version to safeguard against potential exploits.",Videolan,Vlc Media Player,7.8,HIGH,0.003060000017285347,false,,false,false,false,,,false,false,,2019-08-29T18:43:45.000Z,0