The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VideoLAN VLC

vulnerability announcement CVE-2019-13615

VideoLAN VLC: buffer overflow via demux_sys_t::FreeUnused

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via demux_sys_t::FreeUnused() of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Ubuntu, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/07/2019.
Revision date: 24/07/2019.
Identifiers: CVE-2019-13615, USN-4073-1, VIGILANCE-VUL-29802.

vulnerability announcement CVE-2019-13962

VideoLAN VLC: out-of-bounds memory reading via lavc_CopyPicture

Synthesis of the vulnerability

An attacker can force a read at an invalid address via lavc_CopyPicture() of VideoLAN VLC, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SLES, Ubuntu, VLC.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 19/07/2019.
Identifiers: CVE-2019-13962, DSA-4504-1, openSUSE-SU-2019:1840-1, openSUSE-SU-2019:1897-1, openSUSE-SU-2019:1909-1, openSUSE-SU-2019:2015-1, USN-4131-1, VIGILANCE-VUL-29832.

vulnerability alert CVE-2019-13602

VideoLAN VLC: memory corruption via MP4_EIA608_Convert

Synthesis of the vulnerability

An attacker can trigger a memory corruption via MP4_EIA608_Convert() of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, SLES, Ubuntu, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/07/2019.
Identifiers: CVE-2019-13602, DSA-4504-1, openSUSE-SU-2019:1840-1, openSUSE-SU-2019:1897-1, openSUSE-SU-2019:1909-1, openSUSE-SU-2019:2015-1, USN-4074-1, VIGILANCE-VUL-29771.

computer vulnerability announcement CVE-2019-12874

VideoLAN VLC: use after free via zlib_decompress_extra

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via zlib_decompress_extra() of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, SLES, Ubuntu, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/06/2019.
Identifiers: CERTFR-2019-AVI-291, CVE-2019-12874, openSUSE-SU-2019:1840-1, openSUSE-SU-2019:1897-1, openSUSE-SU-2019:1909-1, openSUSE-SU-2019:2015-1, USN-4074-1, VideoLAN-SA-1901, VIGILANCE-VUL-29567.

computer vulnerability alert CVE-2018-19857

VLC: integer overflow via ReadKukiChunk

Synthesis of the vulnerability

An attacker can generate an integer overflow via ReadKukiChunk() of VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, SLES, Ubuntu, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 06/12/2018.
Identifiers: CVE-2018-19857, DSA-4366-1, openSUSE-SU-2019:1840-1, openSUSE-SU-2019:1897-1, openSUSE-SU-2019:1909-1, openSUSE-SU-2019:2015-1, USN-4074-1, VIGILANCE-VUL-27966.

vulnerability note CVE-2018-11529

VLC: use after free via MKV

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via MKV of VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 11/07/2018.
Identifiers: CVE-2018-11529, DSA-4251-1, VIGILANCE-VUL-26684.

computer vulnerability announcement CVE-2018-11516

VideoLAN VLC: memory corruption via vlc_demux_chained_Delete

Synthesis of the vulnerability

An attacker can generate a memory corruption via vlc_demux_chained_Delete() of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/05/2018.
Identifiers: CERTFR-2018-AVI-323, CVE-2018-11516, VIGILANCE-VUL-26257.

vulnerability announcement CVE-2017-8311

VLC: buffer overflow via ParseJSS Double Increment

Synthesis of the vulnerability

An attacker can generate a buffer overflow via ParseJSS() Double Increment of VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 24/05/2017.
Revision date: 05/03/2018.
Identifiers: CVE-2017-8311, DSA-3899-1, VIGILANCE-VUL-22812.

vulnerability CVE-2017-17670

VideoLAN VLC: use after free via MP4

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via MP4 of VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 15/12/2017.
Identifiers: CVE-2017-17670, DSA-4203-1, VIGILANCE-VUL-24780.

vulnerability CVE-2017-10699

VideoLAN VLC: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow in VideoLAN VLC, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, VLC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/07/2017.
Identifiers: 18467, CVE-2017-10699, DSA-4045-1, VIGILANCE-VUL-23120.
