Information on source package vlc

Available versions

ReleaseVersion
jessie (security)2.2.7-1~deb8u1
stretch (security)3.0.6-0+deb9u1
buster3.0.6-1
sid3.0.6-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-19857vulnerablefixedfixedfixedThe CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3. ...
CVE-2018-11529vulnerablefixedfixedfixedVideoLAN VLC media player 2.2.x is prone to a use after free vulnerabi ...
CVE-2017-17670vulnerablefixedfixedfixedIn VideoLAN VLC media player through 2.2.8, there is a type conversion ...

Resolved issues

BugDescription
CVE-2018-11516The vlc_demux_chained_Delete function in input/demux_chained.c in Vide ...
CVE-2017-9301plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...
CVE-2017-9300plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 al ...
CVE-2017-8313Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to ...
CVE-2017-8312Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...
CVE-2017-8311Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...
CVE-2017-8310Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...
CVE-2017-10699avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 201 ...
CVE-2016-5108Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpc ...
CVE-2016-3941Buffer overflow in the AStreamPeekStream function in input/stream.c in ...
CVE-2015-5949VideoLAN VLC media player 2.2.1 allows remote attackers to cause a den ...
CVE-2014-9743Cross-site scripting (XSS) vulnerability in the httpd_HtmlError functi ...
CVE-2014-9630Invalid memory access in rtp code
CVE-2014-9629integer overflow with resultant buffer overflow
CVE-2014-9628attacker-triggered zero-size malloc with resultant buffer overflow
CVE-2014-9627integer truncation on 32-bit platforms
CVE-2014-9626integer underflow
CVE-2014-9625Buffer overflow in updater
CVE-2014-6440VideoLAN VLC media player before 2.1.5 allows remote attackers to exec ...
CVE-2014-3441codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remo ...
CVE-2014-1684The ASF_ReadObject_file_properties function in modules/demux/asf/libas ...
CVE-2013-7340VideoLAN VLC Media Player before 2.0.7 allows remote attackers to caus ...
CVE-2013-6934The parseRTSPRequestString function in Live Networks Live555 Streaming ...
CVE-2013-6933The parseRTSPRequestString function in Live Networks Live555 Streaming ...
CVE-2013-6283VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...
CVE-2013-4388Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio. ...
CVE-2013-3565XSS in HTTP Interface
CVE-2013-3245** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...
CVE-2013-1954The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...
CVE-2013-1868Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earli ...
CVE-2012-5855The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...
CVE-2012-5470libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attacke ...
CVE-2012-3377Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...
CVE-2012-2396VideoLAN VLC media player 2.0.1 allows remote attackers to cause a den ...
CVE-2012-1776Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...
CVE-2012-1775Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...
CVE-2012-0904VLC media player 1.1.11 allows remote attackers to cause a denial of s ...
CVE-2012-0023Double free vulnerability in the get_chunk_header function in modules/ ...
CVE-2011-3623Multiple stack-based buffer overflows in VideoLAN VLC media player bef ...
CVE-2011-2588Heap-based buffer overflow in the AVI_ChunkRead_strf function in libav ...
CVE-2011-2587Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...
CVE-2011-2194Integer overflow in the XSPF playlist parser in VideoLAN VLC media pla ...
CVE-2011-1684Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...
CVE-2011-1087Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assiste ...
CVE-2011-0531demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media play ...
CVE-2011-0522The StripTags function in (1) the USF decoder (modules/codec/subtitles ...
CVE-2011-0021Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...
CVE-2010-3907Multiple integer overflows in real.c in the Real demuxer plugin in Vid ...
CVE-2010-3276libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...
CVE-2010-3275libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...
CVE-2010-3124Untrusted search path vulnerability in bin/winvlc.c in VLC Media Playe ...
CVE-2010-2937The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in V ...
CVE-2010-2062Integer underflow in the real_get_rdt_chunk function in real.c, as use ...
CVE-2010-1445Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 a ...
CVE-2010-1444The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...
CVE-2010-1443The parse_track_node function in modules/demux/playlist/xspf.c in the ...
CVE-2010-1442VideoLAN VLC media player before 1.0.6 allows remote attackers to caus ...
CVE-2010-1441Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...
CVE-2010-0364Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...
CVE-2009-2484Stack-based buffer overflow in the Win32AddConnection function in modu ...
CVE-2009-1274Integer overflow in the qt_error parse_trak_atom function in demuxers/ ...
CVE-2009-1045requests/status.xml in VLC 0.9.8a allows remote attackers to cause a d ...
CVE-2009-0698Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...
CVE-2008-5276Integer overflow in the ReadRealIndex function in real.c in the Real d ...
CVE-2008-5248xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...
CVE-2008-5246Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow r ...
CVE-2008-5235Heap-based buffer overflow in the demux_real_send_chunk function in sr ...
CVE-2008-5233xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...
CVE-2008-5036Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...
CVE-2008-5032Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...
CVE-2008-4686Multiple integer overflows in ty.c in the TY demux plugin (aka the TiV ...
CVE-2008-4654Stack-based buffer overflow in the parse_master function in the Ty dem ...
CVE-2008-4558Array index error in VLC media player 0.9.2 allows remote attackers to ...
CVE-2008-3794Integer signedness error in the mms_ReceiveCommand function in modules ...
CVE-2008-3732Integer overflow in the Open function in modules/demux/tta.c in VLC Me ...
CVE-2008-2430Integer overflow in the Open function in modules/demux/wav.c in VLC Me ...
CVE-2008-2147Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allow ...
CVE-2008-1881Stack-based buffer overflow in the ParseSSA function (modules/demux/su ...
CVE-2008-1769VLC before 0.8.6f allow remote attackers to cause a denial of service ...
CVE-2008-1768Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...
CVE-2008-1489Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...
CVE-2008-0984The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as us ...
CVE-2008-0296Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLA ...
CVE-2008-0295Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in th ...
CVE-2008-0073Array index error in the sdpplin_parse function in input/libreal/sdppl ...
CVE-2007-6684The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to caus ...
CVE-2007-6683The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to o ...
CVE-2007-6682Format string vulnerability in the httpd_FileCallBack function (networ ...
CVE-2007-6681Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VL ...
CVE-2007-6262A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...
CVE-2007-3468input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attac ...
CVE-2007-3467Integer overflow in the __status_Update function in stats.c VideoLAN V ...
CVE-2007-3316Multiple format string vulnerabilities in plugins in VideoLAN VLC Medi ...
CVE-2007-0256VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of servi ...
CVE-2007-0017Multiple format string vulnerabilities in (1) the cdio_log_handler fun ...
CVE-2006-1664Buffer overflow in xine_list_delete_current in libxine 1.14 and earlie ...
CVE-2005-4048Heap-based buffer overflow in the avcodec_default_get_buffer function ...
CVE-2004-1476Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc ...
CVE-2004-1475Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...
CVE-2004-1455Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and e ...
CVE-2004-1300Buffer overflow in the open_aiff_file function in demux_aiff.c for xin ...

Security announcements

DSA / DLADescription
DSA-4366-1vlc - security update
DSA-4251-1vlc - security update
DSA-4203-1vlc - security update
DSA-4045-1vlc - security update
DSA-4045-1vlc - security update
DSA-3899-1vlc - security update
DSA-3598-1vlc - security update
DSA-3342-1vlc - security update
DSA-3156-1liblivemedia - security update
DSA-3150-1vlc - security update
DSA-2973-1vlc - security update
DSA-2257-1vlc - buffer overflow
DSA-2218-1vlc - heap-based buffer overflow
DSA-2218-1vlc - heap-based buffer overflow
DSA-2211-1vlc - missing input sanitising
DSA-2211-1vlc - missing input sanitising
DSA-2159-1vlc - missing input sanitising
DSA-2043-1vlc - arbitrary code execution
DSA-1819-1vlc - several vulnerabilities
DSA-1543-1vlc - several vulnerabilities
DSA-1332-1vlc
DSA-1332-1vlc
DSA-1252-1vlc
DSA-1252-1vlc
DSA-1004-1vlc - buffer overflow
DSA-1004-1vlc - buffer overflow

Search for package or bug name: Reporting problems