cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25467,https://securityvulnerability.io/vulnerability/CVE-2025-25467,Memory Management Vulnerability in libx264 Affects VideoLAN,"A significant memory management vulnerability in the libx264 component of VideoLAN allows attackers to exploit insufficient tracking and releasing of allocated memory. This vulnerability can be triggered through a specially crafted AAC file, leading to potential arbitrary code execution. It highlights the importance of secure memory management practices to mitigate such risks.",VideoLAN,libx264,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-18T00:00:00.000Z,0
CVE-2024-46461,https://securityvulnerability.io/vulnerability/CVE-2024-46461,Denial of Service Vulnerability in VLC Media Player by VideoLAN,"VLC Media Player versions 3.0.20 and earlier are susceptible to a denial of service attack stemming from an integer overflow vulnerability. This flaw can be exploited through a maliciously crafted MMS stream, potentially leading to a heap-based overflow. If successfully executed, an attacker could crash the application or achieve arbitrary code execution under the privileges of the user running VLC, posing significant risks to user systems.",VideoLAN,VLC Media Player,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-25T15:15:00.000Z,0
CVE-2024-31578,https://securityvulnerability.io/vulnerability/CVE-2024-31578,Heap Use-After-Free Vulnerability in FFmpeg by VideoLAN,"A vulnerability was identified in FFmpeg version n6.1.1, which could lead to a heap use-after-free condition in the av_hwframe_ctx_init function. This issue may allow attackers to exploit the faulty memory management, potentially leading to unexpected behavior during video processing, denial of service, or arbitrary code execution.",VideoLAN,FFmpeg,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-17T00:00:00.000Z,0
CVE-2024-31582,https://securityvulnerability.io/vulnerability/CVE-2024-31582,Heap Buffer Overflow Vulnerability in FFmpeg by VideoLAN,"The FFmpeg library version n6.1 has a vulnerability in the draw_block_rectangle function, leading to a heap buffer overflow. This flaw can be exploited by attackers through specially crafted input, which may result in undefined behavior or a Denial of Service (DoS). Developers and users of the affected versions should be aware of this risk and look into mitigations, as the exploitation scenarios could impact system stability and reliability.",VideoLAN,FFmpeg,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-17T00:00:00.000Z,0
CVE-2024-31581,https://securityvulnerability.io/vulnerability/CVE-2024-31581,Improper Validation Vulnerability in FFmpeg by VideoLAN,"An improper validation found in FFmpeg's libavcodec can lead to undefined behavior during the processing of data. This vulnerability arises from insufficient checks on array indexes, potentially allowing attackers to exploit this flaw. The issue was identified in the cbs_h266_syntax_template.c file, where certain inputs can bypass validation checks, leading to unpredictable application behavior.",VideoLAN,FFmpeg,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-17T00:00:00.000Z,0
CVE-2024-1580,https://securityvulnerability.io/vulnerability/CVE-2024-1580,Memory Corruption in dav1d AV1 Decoder Due to Integer Overflow,"An integer overflow vulnerability present in the dav1d AV1 decoder can arise when decoding videos with large frame sizes, potentially resulting in memory corruption within the decoder. This flaw poses a significant risk as it may disrupt normal operations of the affected software and compromise system integrity. Users are strongly advised to upgrade to versions beyond 1.4.0 to mitigate the risks associated with this vulnerability.",Videolan,Dav1d,8.8,HIGH,0.0028800000436604023,false,,true,false,true,2024-03-26T20:42:26.000Z,,true,false,,2024-02-19T10:34:55.113Z,3420
CVE-2023-46814,https://securityvulnerability.io/vulnerability/CVE-2023-46814,Binary Hijacking Vulnerability in VideoLAN VLC Media Player,"A binary hijacking vulnerability found in VideoLAN VLC Media Player prior to version 3.0.19 for Windows allows standard users to execute arbitrary code with elevated SYSTEM privileges. This occurs due to the uninstaller executing code from a user-writable directory, creating a significant security risk. Users of affected versions should consider upgrading to the latest version to mitigate this risk.",Videolan,Vlc Media Player,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-22T05:15:00.000Z,0
CVE-2023-47359,https://securityvulnerability.io/vulnerability/CVE-2023-47359,Heap-Based Buffer Overflow in VLC Media Player by VideoLAN,"Prior to version 3.0.20, VLC Media Player by VideoLAN contains an improper offset read that can trigger a heap-based buffer overflow in the GetPacket() function. This flaw can lead to memory corruption, potentially allowing attackers to exploit the vulnerability for malicious purposes. Users are encouraged to update to the latest version to mitigate this risk.",Videolan,Vlc Media Player,9.8,CRITICAL,0.0016400000313296914,false,,false,false,false,,,false,false,,2023-11-07T00:00:00.000Z,0
CVE-2023-47360,https://securityvulnerability.io/vulnerability/CVE-2023-47360,Integer Underflow in VLC Media Player by Videolan,Videolan VLC Media Player prior to version 3.0.20 is susceptible to an integer underflow vulnerability that could potentially lead to processing errors related to packet lengths. Exploiting this flaw may allow an attacker to manipulate media streams in ways that could compromise application stability or expose sensitive data.,Videolan,Vlc Media Player,7.5,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2023-11-07T00:00:00.000Z,0
CVE-2023-32570,https://securityvulnerability.io/vulnerability/CVE-2023-32570,Race Condition in VideoLAN's Dav1d Library Could Cause Application Crashes,"A race condition vulnerability in the VideoLAN dav1d library prior to version 1.2.0 can lead to an unexpected application crash. This issue, specifically found in the thread_task.c file, relates to the dav1d_decode_frame_exit function. When multiple threads attempt to access shared resources concurrently, it may result in inconsistent states that compromise application stability. It's crucial for users to upgrade to version 1.2.0 or later to mitigate this risk and ensure reliable functionality.",Videolan,Dav1d,5.9,MEDIUM,0.0018899999558925629,false,,false,false,false,,,false,false,,2023-05-10T05:15:00.000Z,0
CVE-2022-41325,https://securityvulnerability.io/vulnerability/CVE-2022-41325,Integer Overflow Vulnerability in VNC Module of VideoLAN VLC Media Player,"The VNC module in VideoLAN VLC Media Player contains an integer overflow flaw that can be exploited when a user is deceived into loading a malicious playlist or connecting to an untrusted VNC server. This condition could potentially lead to application crashes or, under certain circumstances, remote code execution. Users of affected versions, particularly those prior to 3.0.17.4, are advised to remain vigilant and update their software to mitigate risk.",Videolan,Vlc Media Player,7.8,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2022-12-06T00:00:00.000Z,0
CVE-2021-25804,https://securityvulnerability.io/vulnerability/CVE-2021-25804,Denial of Service Vulnerability in VLC Media Player by VideoLAN,"A NULL-pointer dereference issue exists in the 'Open' function within 'avi.c' of VLC Media Player version 3.0.11. This vulnerability can lead to a denial of service, causing the application to crash unexpectedly when the affected function is invoked. Users of VLC Media Player are advised to update to the latest version to mitigate potential service disruptions.",Videolan,Vlc Media Player,7.5,HIGH,0.0010300000431016088,false,,false,false,true,2022-05-23T20:58:56.000Z,true,false,false,,2021-07-26T16:26:59.000Z,0
CVE-2021-25803,https://securityvulnerability.io/vulnerability/CVE-2021-25803,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A buffer overflow vulnerability exists in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11. It allows attackers to exploit the software by executing a crafted .avi file, which can lead to an out-of-bounds read. This could enable an attacker to access sensitive information or disrupt application functionality.",Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2021-07-26T16:26:58.000Z,0
CVE-2021-25802,https://securityvulnerability.io/vulnerability/CVE-2021-25802,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,A buffer overflow vulnerability exists in the AVI_ExtractSubtitle component of VideoLAN's VLC Media Player version 3.0.11. This flaw can be exploited by attackers to perform an out-of-bounds read by using a specially crafted .avi file. Such exploitation may lead to unexpected behavior or potential data leaks. Users are urged to update to the latest version to mitigate risks associated with this vulnerability.,Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2021-07-26T16:26:57.000Z,0
CVE-2021-25801,https://securityvulnerability.io/vulnerability/CVE-2021-25801,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A buffer overflow vulnerability exists in the __Parse_indx component of VideoLAN's VLC Media Player (version 3.0.11). This flaw allows attackers to exploit vulnerabilities in crafted .avi files, enabling potential out-of-bounds reads. Attackers can leverage this vulnerability to manipulate or disrupt media playback, posing security risks to users. Users are encouraged to update their VLC Media Player to mitigate any associated risks.",Videolan,Vlc Media Player,7.1,HIGH,0.0007399999885819852,false,,false,false,true,2022-04-21T20:41:18.000Z,true,false,false,,2021-07-26T16:26:55.000Z,0
CVE-2020-26664,https://securityvulnerability.io/vulnerability/CVE-2020-26664,Heap-based Buffer Overflow in VideoLAN VLC Media Player,"A vulnerability exists within the EbmlTypeDispatcher::send function of VLC Media Player, specifically in version 3.0.11. Malicious actors can exploit this vulnerability by crafting a specially designed .mkv file, leading to a heap-based buffer overflow. This condition can allow them to execute arbitrary code, posing significant risks to the integrity of user systems. Users of VLC Media Player are advised to apply necessary updates to mitigate the impact of this vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2021-01-08T17:40:41.000Z,0
CVE-2020-13428,https://securityvulnerability.io/vulnerability/CVE-2020-13428,Heap-Based Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A vulnerability exists in the hxxx_AnnexB_to_xVC function located within the modules/packetizer/hxxx_nal.c file of VideoLAN's VLC media player, specifically affecting versions prior to 3.0.11 on macOS and iOS platforms. This vulnerability can be exploited by remote attackers through specially crafted H.264 Annex-B video files, such as those with an .avi extension. Successful exploitation may lead to application crashes or could potentially allow attackers to execute arbitrary code on the affected systems.",Videolan,Vlc Media Player,7.8,HIGH,0.005530000198632479,false,,false,false,false,,,false,false,,2020-06-08T18:13:04.000Z,0
CVE-2019-19721,https://securityvulnerability.io/vulnerability/CVE-2019-19721,Off-by-One Error in VideoLAN VLC Media Player Affecting Image Handling,"An off-by-one error exists in the DecodeBlock function within the codec/sdl_image.c file of VideoLAN's VLC media player, versions prior to 3.0.9. This flaw allows malicious actors to exploit crafted image files to trigger memory corruption, leading to potential denial of service. Users of affected versions are advised to update their software to mitigate risks associated with this vulnerability.",Videolan,Vlc Media Player,7.8,HIGH,0.0035200000274926424,false,,false,false,false,,,false,false,,2020-05-15T17:28:23.000Z,0
CVE-2013-3564,https://securityvulnerability.io/vulnerability/CVE-2013-3564,Remote Command Execution Vulnerability in VLC Media Player by VideoLAN,"The VLC Media Player prior to version 2.0.7 contains a security flaw in its web interface, which lacks proper access controls. This vulnerability enables unauthorized remote attackers to execute commands, such as viewing directory listings, without requiring authentication. The absence of access restrictions can lead to potential information disclosure and unauthorized control over the application, making it critical for users to upgrade to the latest version to mitigate these risks.",Videolan,Vlc Media Player,5.3,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2020-02-06T21:49:22.000Z,0
CVE-2013-3565,https://securityvulnerability.io/vulnerability/CVE-2013-3565,Multiple Cross-Site Scripting Vulnerabilities in VideoLAN VLC Media Player,"The VLC Media Player contains multiple XSS vulnerabilities in its HTTP interface prior to version 2.0.7. Attackers can exploit these weaknesses by injecting arbitrary web scripts or HTML through specific parameters in requests, including 'command' in requests/vlm_cmd.xml, 'dir' in requests/browse.xml, or a URI in an error message response. This could lead to unauthorized actions being performed in the context of the user's session when interacting with the VLC Media Player.",Videolan,Vlc Media Player,6.1,MEDIUM,0.004209999926388264,false,,false,false,false,,,false,false,,2020-01-31T21:39:19.000Z,0
CVE-2014-9625,https://securityvulnerability.io/vulnerability/CVE-2014-9625,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A flaw exists in the GetUpdateFile function within the Updater component of VideoLAN's VLC media player prior to version 2.1.6, which improperly casts a 64-bit integer to a 32-bit integer. This integer truncation vulnerability can be exploited by attackers to trigger buffer overflow attacks. By crafting a malicious update status file, attackers could execute arbitrary code in the context of the application, posing a significant security risk for users of affected versions.",Videolan,Vlc Media Player,7.8,HIGH,0.006909999996423721,false,,false,false,false,,,false,false,,2020-01-24T21:57:29.000Z,0
CVE-2014-9626,https://securityvulnerability.io/vulnerability/CVE-2014-9626,Integer Underflow Vulnerability in VLC Media Player by VideoLAN,"An integer underflow vulnerability exists in the MP4_ReadBox_String function within the VLC Media Player, specifically in the demux module. An attacker could exploit this vulnerability by providing a crafted MP4 file with a box size less than 7, which may lead to denial of service conditions. The potentially exploitable flaw could also result in other unspecified impacts, affecting the functionality and stability of the player, particularly prior to version 2.1.6. Users are advised to update their VLC Media Player to the latest version to mitigate risks.",Videolan,Vlc Media Player,7.8,HIGH,0.003010000102221966,false,,false,false,false,,,false,false,,2020-01-24T21:57:25.000Z,0
CVE-2014-9627,https://securityvulnerability.io/vulnerability/CVE-2014-9627,Denial of Service Vulnerability in VideoLAN VLC Media Player,"The vulnerability arises from the MP4_ReadBox_String function in the VLC media player, where an improper cast from a 64-bit integer to a 32-bit integer can lead to denial of service. Attackers could exploit this flaw by manipulating the size of box data, potentially causing the application to crash or behave unexpectedly. Keeping VLC Media Player updated is essential to protect against such risks.",Videolan,Vlc Media Player,7.8,HIGH,0.003010000102221966,false,,false,false,false,,,false,false,,2020-01-24T21:57:23.000Z,0
CVE-2014-9628,https://securityvulnerability.io/vulnerability/CVE-2014-9628,Buffer Overflow Vulnerability in VideoLAN VLC Media Player,"A buffer overflow vulnerability exists in the MP4_ReadBox_String function within the VideoLAN VLC Media Player prior to version 2.1.6. This flaw allows attackers to exploit crafted MP4 files, potentially triggering an unintended zero-size memory allocation, leading to buffer overflow attacks. Successful exploitation could permit malicious actors to execute arbitrary code on the target system, posing a significant security risk.",Videolan,Vlc Media Player,7.8,HIGH,0.006519999820739031,false,,false,false,false,,,false,false,,2020-01-24T21:57:20.000Z,0
CVE-2014-9629,https://securityvulnerability.io/vulnerability/CVE-2014-9629,Integer Overflow Vulnerability in VideoLAN VLC Media Player,"The VLC Media Player contains an integer overflow vulnerability within the Encode function located in modules/codec/schroedinger.c. This flaw allows remote attackers to exploit crafted input length values, resulting in buffer overflow attacks. Consequently, this can lead to arbitrary code execution on the victim's system, posing a serious security risk for users of affected VLC versions.",Videolan,Vlc Media Player,7.8,HIGH,0.006300000008195639,false,,false,false,false,,,false,false,,2020-01-24T21:57:17.000Z,0