The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VideoLAN VLC

computer vulnerability alert CVE-2018-19857

VLC: integer overflow via ReadKukiChunk

Synthesis of the vulnerability

An attacker can trigger an integer overflow via ReadKukiChunk() in VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19857, DSA-4366-1, VIGILANCE-VUL-27966.


vulnerability note CVE-2018-11529

VLC: use after free via MKV

Synthesis of the vulnerability

An attacker can force the use of a freed memory area (use after free) via MKV in VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 11/07/2018.
Identifiers: CVE-2018-11529, DSA-4251-1, VIGILANCE-VUL-26684.


computer vulnerability announce CVE-2018-11516

VideoLAN VLC: memory corruption via vlc_demux_chained_Delete

Synthesis of the vulnerability

An attacker can trigger memory corruption via vlc_demux_chained_Delete() in VideoLAN VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/05/2018.
Identifiers: CERTFR-2018-AVI-323, CVE-2018-11516, VIGILANCE-VUL-26257.


vulnerability announce CVE-2017-8311

VLC: buffer overflow via ParseJSS Double Increment

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via a double increment in ParseJSS() of VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Revision date: 05/03/2018.
Identifiers: CVE-2017-8311, DSA-3899-1, VIGILANCE-VUL-22812.


vulnerability CVE-2017-17670

VideoLAN VLC: use after free via MP4

Synthesis of the vulnerability

An attacker can force the use of a freed memory area (use after free) via MP4 in VideoLAN VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/12/2017.
Identifiers: CVE-2017-17670, DSA-4203-1, VIGILANCE-VUL-24780.


vulnerability CVE-2017-10699

VideoLAN VLC: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in VideoLAN VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/07/2017.
Identifiers: 18467, CVE-2017-10699, DSA-4045-1, VIGILANCE-VUL-23120.


computer vulnerability note CVE-2017-9300

VideoLAN VLC: memory corruption via libflac_plugin.dll

Synthesis of the vulnerability

An attacker can trigger memory corruption via libflac_plugin.dll in VideoLAN VLC, in order to cause a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 30/05/2017.
Identifiers: CVE-2017-9300, DSA-4045-1, openSUSE-SU-2017:2595-1, openSUSE-SU-2017:2597-1, VIGILANCE-VUL-22859.


computer vulnerability bulletin CVE-2017-9301

VideoLAN VLC: out-of-bounds memory reading via libmpgatofixed32_plugin.dll

Synthesis of the vulnerability

An attacker can force a read at an invalid address via libmpgatofixed32_plugin.dll in VideoLAN VLC, in order to cause a denial of service, or to obtain sensitive information.
Impacted products: VLC.
Severity: 1/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 30/05/2017.
Identifiers: CVE-2017-9301, VIGILANCE-VUL-22858.


vulnerability bulletin CVE-2017-8313

VLC: out-of-bounds memory reading via ParseJSS Read

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ParseJSS() in VLC, in order to cause a denial of service, or to obtain sensitive information.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Identifiers: CVE-2017-8313, DSA-3899-1, VIGILANCE-VUL-22813.


vulnerability alert CVE-2017-8310

VLC: out-of-bounds memory reading via CreateHtmlSubtitle

Synthesis of the vulnerability

An attacker can force a read at an invalid address via CreateHtmlSubtitle() in VLC, in order to cause a denial of service, or to obtain sensitive information.
Impacted products: Debian, VLC.
Severity: 1/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Identifiers: CVE-2017-8310, DSA-3899-1, VIGILANCE-VUL-22811.
