vlc

Description Multi-platform MPEG, VCD/DVD, and DivX player
Version 3.0.8-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1008 | 3.0.7.1-2 | | Medium | Not affected | |
| AVG-998 | 3.0.6-13 | 3.0.7.1-1 | Critical | Fixed | |
| AVG-755 | 3.0.3-1 | 3.0.3.r1-1 | High | Fixed | |
| AVG-533 | 2.2.6-5 | 2.2.7-1 | Critical | Fixed | |
| AVG-283 | 2.2.4-9 | 2.2.6-1 | High | Fixed | FS#54194 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-13615 | AVG-1008 | Medium | Yes | Information disclosure | Not an issue in vlc; the issue was in libebml and was fixed in 1.3.6. |
| CVE-2019-12874 | AVG-998 | Critical | Yes | Arbitrary code execution | VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp. |
| CVE-2019-5439 | AVG-998 | Critical | Yes | Arbitrary code execution | VideoLAN VLC media player 3.0.6 and earlier has an out-of-bounds write in the ReadFrame function of the AVI decoder. |
| CVE-2018-11529 | AVG-755 | High | No | Arbitrary code execution | VideoLAN VLC media player 2.2.x before 3.0.3-1 is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via... |
| CVE-2017-10699 | AVG-533 | Critical | Yes | Arbitrary code execution | It was discovered that avcodec 2.2.x, as used in VideoLAN VLC media player before 2.2.7, allows out-of-bounds heap memory write due to calling memcpy() with... |
| CVE-2017-9300 | AVG-533 | High | Yes | Arbitrary code execution | It was discovered that plugins\codec\libflac_plugin.so in VideoLAN VLC media player before 2.2.7 allows remote attackers to cause a heap corruption and... |
| CVE-2017-8312 | AVG-283 | Medium | No | Denial of service | Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted... |
| CVE-2017-8311 | AVG-283 | High | No | Arbitrary code execution | Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute... |
| CVE-2017-8310 | AVG-283 | Medium | No | Denial of service | Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 25 Jun 2019 | ASA-201906-22 | AVG-998 | Critical | arbitrary code execution |
| 07 Dec 2017 | ASA-201712-4 | AVG-533 | Critical | arbitrary code execution |
| 01 Jun 2017 | ASA-201706-1 | AVG-283 | High | multiple issues |