cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-1580,https://securityvulnerability.io/vulnerability/CVE-2024-1580,Memory Corruption in dav1d AV1 Decoder Due to Integer Overflow,"An integer overflow vulnerability present in the dav1d AV1 decoder can arise when decoding videos with large frame sizes, potentially resulting in memory corruption within the decoder. This flaw poses a significant risk as it may disrupt normal operations of the affected software and compromise system integrity. Users are strongly advised to upgrade to versions beyond 1.4.0 to mitigate the risks associated with this vulnerability.",Videolan,Dav1d,5.9,MEDIUM,0.0004600000102072954,false,true,false,true,,true,false,2024-02-19T10:34:55.113Z,3420 CVE-2023-46814,https://securityvulnerability.io/vulnerability/CVE-2023-46814,Binary Hijacking Vulnerability in VideoLAN VLC Media Player,"A binary hijacking vulnerability found in VideoLAN VLC Media Player prior to version 3.0.19 for Windows allows standard users to execute arbitrary code with elevated SYSTEM privileges. This occurs due to the uninstaller executing code from a user-writable directory, creating a significant security risk. Users of affected versions should consider upgrading to the latest version to mitigate this risk.",Videolan,Vlc Media Player,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-11-22T05:15:00.000Z,0 CVE-2023-47360,https://securityvulnerability.io/vulnerability/CVE-2023-47360,Integer Underflow in VLC Media Player by Videolan,Videolan VLC Media Player prior to version 3.0.20 is susceptible to an integer underflow vulnerability that could potentially lead to processing errors related to packet lengths. Exploiting this flaw may allow an attacker to manipulate media streams in ways that could compromise application stability or expose sensitive data.,Videolan,Vlc Media Player,7.5,HIGH,0.0006600000197067857,false,false,false,false,,false,false,2023-11-07T00:00:00.000Z,0 CVE-2023-47359,https://securityvulnerability.io/vulnerability/CVE-2023-47359,Heap-Based Buffer Overflow in VLC Media Player by VideoLAN,"Prior to version 3.0.20, VLC Media Player by VideoLAN contains an improper offset read that can trigger a heap-based buffer overflow in the GetPacket() function. This flaw can lead to memory corruption, potentially allowing attackers to exploit the vulnerability for malicious purposes. Users are encouraged to update to the latest version to mitigate this risk.",Videolan,Vlc Media Player,9.8,CRITICAL,0.0016400000313296914,false,false,false,false,,false,false,2023-11-07T00:00:00.000Z,0 CVE-2023-32570,https://securityvulnerability.io/vulnerability/CVE-2023-32570,,"VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.",Videolan,Dav1d,5.9,MEDIUM,0.0018899999558925629,false,false,false,false,,false,false,2023-05-10T05:15:00.000Z,0 CVE-2022-41325,https://securityvulnerability.io/vulnerability/CVE-2022-41325,,"An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.",Videolan,Vlc Media Player,7.8,HIGH,0.001769999973475933,false,false,false,false,,false,false,2022-12-06T00:00:00.000Z,0 CVE-2021-25804,https://securityvulnerability.io/vulnerability/CVE-2021-25804,,"A NULL-pointer dereference in ""Open"" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.",Videolan,Vlc Media Player,7.5,HIGH,0.0010300000431016088,false,false,false,true,true,false,false,2021-07-26T16:26:59.000Z,0 CVE-2021-25803,https://securityvulnerability.io/vulnerability/CVE-2021-25803,,A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.,Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2021-07-26T16:26:58.000Z,0 CVE-2021-25802,https://securityvulnerability.io/vulnerability/CVE-2021-25802,,A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.,Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,false,false,false,,false,false,2021-07-26T16:26:57.000Z,0 CVE-2021-25801,https://securityvulnerability.io/vulnerability/CVE-2021-25801,,A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.,Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,false,false,true,true,false,false,2021-07-26T16:26:55.000Z,0 CVE-2020-26664,https://securityvulnerability.io/vulnerability/CVE-2020-26664,,A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.,Videolan,Vlc Media Player,7.8,HIGH,0.0020099999383091927,false,false,false,false,,false,false,2021-01-08T17:40:41.000Z,0 CVE-2020-13428,https://securityvulnerability.io/vulnerability/CVE-2020-13428,,A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.,Videolan,Vlc Media Player,7.8,HIGH,0.005530000198632479,false,false,false,false,,false,false,2020-06-08T18:13:04.000Z,0 CVE-2019-19721,https://securityvulnerability.io/vulnerability/CVE-2019-19721,,An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.,Videolan,Vlc Media Player,7.8,HIGH,0.0035200000274926424,false,false,false,false,,false,false,2020-05-15T17:28:23.000Z,0 CVE-2013-3564,https://securityvulnerability.io/vulnerability/CVE-2013-3564,,The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.,Videolan,Vlc Media Player,5.3,MEDIUM,0.0012600000482052565,false,false,false,false,,false,false,2020-02-06T21:49:22.000Z,0 CVE-2013-3565,https://securityvulnerability.io/vulnerability/CVE-2013-3565,,"Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.",Videolan,Vlc Media Player,6.1,MEDIUM,0.004490000195801258,false,false,false,false,,false,false,2020-01-31T21:39:19.000Z,0 CVE-2014-9625,https://securityvulnerability.io/vulnerability/CVE-2014-9625,,"The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an ""integer truncation"" vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.005810000002384186,false,false,false,false,,false,false,2020-01-24T21:57:29.000Z,0 CVE-2014-9626,https://securityvulnerability.io/vulnerability/CVE-2014-9626,,Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.,Videolan,Vlc Media Player,7.8,HIGH,0.002529999939724803,false,false,false,false,,false,false,2020-01-24T21:57:25.000Z,0 CVE-2014-9627,https://securityvulnerability.io/vulnerability/CVE-2014-9627,,"The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.",Videolan,Vlc Media Player,7.8,HIGH,0.002529999939724803,false,false,false,false,,false,false,2020-01-24T21:57:23.000Z,0 CVE-2014-9628,https://securityvulnerability.io/vulnerability/CVE-2014-9628,,"The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.",Videolan,Vlc Media Player,7.8,HIGH,0.00547999981790781,false,false,false,false,,false,false,2020-01-24T21:57:20.000Z,0 CVE-2014-9629,https://securityvulnerability.io/vulnerability/CVE-2014-9629,,Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.,Videolan,Vlc Media Player,7.8,HIGH,0.0052999998442828655,false,false,false,false,,false,false,2020-01-24T21:57:17.000Z,0 CVE-2014-9630,https://securityvulnerability.io/vulnerability/CVE-2014-9630,,"The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.",Videolan,Vlc Media Player,7.8,HIGH,0.0023499999660998583,false,false,false,false,,false,false,2020-01-24T21:57:14.000Z,0 CVE-2019-18278,https://securityvulnerability.io/vulnerability/CVE-2019-18278,,"When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.",Videolan,Vlc Media Player,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2019-10-23T13:22:26.000Z,0 CVE-2019-14970,https://securityvulnerability.io/vulnerability/CVE-2019-14970,,A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.,Videolan,Vlc Media Player,7.8,HIGH,0.002959999954327941,false,false,false,false,,false,false,2019-08-29T18:55:11.000Z,0 CVE-2019-14777,https://securityvulnerability.io/vulnerability/CVE-2019-14777,,The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.,Videolan,Vlc Media Player,7.8,HIGH,0.003060000017285347,false,false,false,false,,false,false,2019-08-29T18:53:08.000Z,0 CVE-2019-14778,https://securityvulnerability.io/vulnerability/CVE-2019-14778,,The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.,Videolan,Vlc Media Player,7.8,HIGH,0.003060000017285347,false,false,false,false,,false,false,2019-08-29T18:47:41.000Z,0