Search CVE reports
41 – 50 of 150 results
CVE-2019-5459
Medium priorityAn Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
2 affected packages
faad2, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
faad2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vlc | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-13962
Low prioritySome fixes available 2 of 3
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
1 affected package
vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
vlc | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2019-13615
Low prioritySome fixes available 2 of 3
libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.
2 affected packages
libebml, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libebml | — | — | — | Fixed | Fixed |
vlc | — | — | — | Not affected | Not affected |
CVE-2019-13602
Medium prioritySome fixes available 2 of 4
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly...
1 affected package
vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
vlc | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2019-12874
Medium prioritySome fixes available 2 of 4
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
1 affected package
vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
vlc | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2019-5439
Medium prioritySome fixes available 2 of 4
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
1 affected package
vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
vlc | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2018-19857
Medium prioritySome fixes available 1 of 3
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to...
1 affected package
vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
vlc | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2018-18829
Medium priorityThere exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.
5 affected packages
ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
vlc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-18828
Medium priorityThere exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
5 affected packages
ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
vlc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2018-18827
Medium priorityThere exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
5 affected packages
ffmpeg, gst-libav1.0, libav, qtwebengine-opensource-src, vlc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libav | Not in release | Not in release | Not in release | Not in release | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
vlc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |