The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VLC

vulnerability announcement CVE-2017-8311

VLC: buffer overflow via ParseJSS Double Increment

Synthesis of the vulnerability

An attacker can trigger a buffer overflow through a double increment in ParseJSS() of VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Revision date: 05/03/2018.
Identifiers: CVE-2017-8311, DSA-3899-1, VIGILANCE-VUL-22812.

Description of the vulnerability

An attacker can trigger a buffer overflow through a double increment in ParseJSS() of VLC, in order to cause a denial of service, and possibly to run code.

vulnerability CVE-2017-17670

VideoLAN VLC: use after free via MP4

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via MP4 of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/12/2017.
Identifiers: CVE-2017-17670, DSA-4203-1, VIGILANCE-VUL-24780.

Description of the vulnerability

An attacker can force the usage of a freed memory area via MP4 of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2017-10699

VideoLAN VLC: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in VideoLAN VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/07/2017.
Identifiers: 18467, CVE-2017-10699, DSA-4045-1, VIGILANCE-VUL-23120.

Description of the vulnerability

An attacker can trigger a buffer overflow in VideoLAN VLC, in order to cause a denial of service, and possibly to run code.

computer vulnerability note CVE-2017-9300

VideoLAN VLC: memory corruption via libflac_plugin.dll

Synthesis of the vulnerability

An attacker can generate a memory corruption via libflac_plugin.dll of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 30/05/2017.
Identifiers: CVE-2017-9300, DSA-4045-1, openSUSE-SU-2017:2595-1, openSUSE-SU-2017:2597-1, VIGILANCE-VUL-22859.

Description of the vulnerability

An attacker can generate a memory corruption via libflac_plugin.dll of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin CVE-2017-9301

VideoLAN VLC: out-of-bounds memory reading via libmpgatofixed32_plugin.dll

Synthesis of the vulnerability

An attacker can force a read at an invalid address via libmpgatofixed32_plugin.dll of VideoLAN VLC, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: VLC.
Severity: 1/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 30/05/2017.
Identifiers: CVE-2017-9301, VIGILANCE-VUL-22858.

Description of the vulnerability

An attacker can force a read at an invalid address via libmpgatofixed32_plugin.dll of VideoLAN VLC, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability bulletin CVE-2017-8313

VLC: out-of-bounds memory reading via ParseJSS Read

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ParseJSS() of VLC, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Identifiers: CVE-2017-8313, DSA-3899-1, VIGILANCE-VUL-22813.

Description of the vulnerability

An attacker can force a read at an invalid address via ParseJSS() of VLC, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability alert CVE-2017-8310

VLC: out-of-bounds memory reading via CreateHtmlSubtitle

Synthesis of the vulnerability

An attacker can force a read at an invalid address via CreateHtmlSubtitle() of VLC, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, VLC.
Severity: 1/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Identifiers: CVE-2017-8310, DSA-3899-1, VIGILANCE-VUL-22811.

Description of the vulnerability

An attacker can force a read at an invalid address via CreateHtmlSubtitle() of VLC, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability CVE-2017-8312

VLC: buffer overflow via ParseJSS

Synthesis of the vulnerability

An attacker can generate a buffer overflow via ParseJSS() of VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/05/2017.
Identifiers: CPAI-2017-0433, CVE-2017-8312, DSA-3899-1, VIGILANCE-VUL-22805.

Description of the vulnerability

VLC plays videos together with their subtitles, in formats such as JSS.

However, if the size of data is greater than the size of the storage array, an overflow occurs in ParseJSS().

An attacker can therefore generate a buffer overflow via ParseJSS() of VLC, in order to trigger a denial of service, and possibly to run code.

vulnerability alert 22081

VLC: code execution via psapi.dll

Synthesis of the vulnerability

An attacker can, on a compromised computer, create the psapi.dll DLL, in order to run code when the user starts VLC.
Impacted products: VLC.
Severity: 1/4.
Consequences: user access/rights.
Provenance: user shell.
Creation date: 10/03/2017.
Identifiers: VIGILANCE-VUL-22081.

Description of the vulnerability

An attacker can, on a compromised computer, create the psapi.dll DLL, in order to run code when the user starts VLC.

vulnerability note 20734

VLC: buffer overflow via EXTM3U

Synthesis of the vulnerability

An attacker can generate a buffer overflow via EXTM3U on VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 29/09/2016.
Identifiers: VIGILANCE-VUL-20734.

Description of the vulnerability

An attacker can generate a buffer overflow via EXTM3U on VLC, in order to trigger a denial of service, and possibly to run code.