Information on source package vlc

Available versions

ReleaseVersion
jessie2.2.7-1~deb8u1
stretch3.0.21-0+deb9u1
stretch (security)3.0.12-0+deb9u1
buster3.0.21-0+deb10u1
buster (security)3.0.20-0+deb10u1
bullseye3.0.21-0+deb11u1
bookworm3.0.21-0+deb12u1
trixie3.0.21-2
sid3.0.21-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
TEMP-0000000-BCCC32vulnerablefixedfixedfixedfixedfixedfixedvlc issues fixed in 3.0.13
CVE-2024-46461vulnerablefixedfixedfixedfixedfixedfixedVLC media player 3.0.20 and earlier is vulnerable to denial of service ...
CVE-2023-47360vulnerablefixedfixedfixedfixedfixedfixedVideolan VLC prior to version 3.0.20 contains an Integer underflow tha ...
CVE-2023-47359vulnerablefixedfixedfixedfixedfixedfixedVideolan VLC prior to version 3.0.20 contains an incorrect offset read ...
CVE-2022-41325vulnerablefixedfixedfixedfixedfixedfixedAn integer overflow in the VNC module in VideoLAN VLC Media Player thr ...
CVE-2021-25804vulnerablefixedfixedfixedfixedfixedfixedA NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...
CVE-2021-25803vulnerablefixedfixedfixedfixedfixedfixedA buffer overflow vulnerability in the vlc_input_attachment_New compon ...
CVE-2021-25802vulnerablefixedfixedfixedfixedfixedfixedA buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...
CVE-2021-25801vulnerablefixedfixedfixedfixedfixedfixedA buffer overflow vulnerability in the __Parse_indx component of Video ...
CVE-2020-26664vulnerablefixedfixedfixedfixedfixedfixedA vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...
CVE-2020-13428vulnerablefixedfixedfixedfixedfixedfixedA heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...
CVE-2020-6080vulnerablefixedfixedfixedfixedfixedfixedAn exploitable denial-of-service vulnerability exists in the resource ...
CVE-2020-6079vulnerablefixedfixedfixedfixedfixedfixedAn exploitable denial-of-service vulnerability exists in the resource ...
CVE-2020-6078vulnerablefixedfixedfixedfixedfixedfixedAn exploitable denial-of-service vulnerability exists in the message-p ...
CVE-2020-6077vulnerablefixedfixedfixedfixedfixedfixedAn exploitable denial-of-service vulnerability exists in the message-p ...
CVE-2020-6073vulnerablefixedfixedfixedfixedfixedfixedAn exploitable denial-of-service vulnerability exists in the TXT recor ...
CVE-2020-6072vulnerablefixedfixedfixedfixedfixedfixedAn exploitable code execution vulnerability exists in the label-parsin ...
CVE-2020-6071vulnerablefixedfixedfixedfixedfixedfixedAn exploitable denial-of-service vulnerability exists in the resource ...
CVE-2019-19721vulnerablefixedfixedfixedfixedfixedfixedAn off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...
CVE-2019-14970vulnerablefixedfixedfixedfixedfixedfixedA vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3. ...
CVE-2019-14778vulnerablefixedfixedfixedfixedfixedfixedThe mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.c ...
CVE-2019-14777vulnerablefixedfixedfixedfixedfixedfixedThe Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player ...
CVE-2019-14776vulnerablefixedfixedfixedfixedfixedfixedA heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c ...
CVE-2019-14535vulnerablefixedfixedfixedfixedfixedfixedA divide-by-zero error exists in the SeekIndex function of demux/asf/a ...
CVE-2019-14534vulnerablefixedfixedfixedfixedfixedfixedIn VideoLAN VLC media player 3.0.7.1, there is a NULL pointer derefere ...
CVE-2019-14533vulnerablefixedfixedfixedfixedfixedfixedThe Control function of demux/asf/asf.c in VideoLAN VLC media player 3 ...
CVE-2019-14498vulnerablefixedfixedfixedfixedfixedfixedA divide-by-zero error exists in the Control function of demux/caf.c i ...
CVE-2019-14438vulnerablefixedfixedfixedfixedfixedfixedA heap-based buffer over-read in xiph_PackHeaders() in modules/demux/x ...
CVE-2019-14437vulnerablefixedfixedfixedfixedfixedfixedThe xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC ...
CVE-2019-13962vulnerablefixedfixedfixedfixedfixedfixedlavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...
CVE-2019-13602vulnerablefixedfixedfixedfixedfixedfixedAn Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...
CVE-2019-12874vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...
CVE-2019-5460vulnerablefixedfixedfixedfixedfixedfixedDouble Free in VLC versions <= 3.0.6 leads to a crash.
CVE-2019-5459vulnerablefixedfixedfixedfixedfixedfixedAn Integer underflow in VLC Media Player versions < 3.0.7 leads to an ...
CVE-2019-5439vulnerablefixedfixedfixedfixedfixedfixedA Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can ...
CVE-2018-19857vulnerablefixedfixedfixedfixedfixedfixedThe CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3. ...
CVE-2018-11529vulnerablefixedfixedfixedfixedfixedfixedVideoLAN VLC media player 2.2.x is prone to a use after free vulnerabi ...
CVE-2017-17670vulnerablefixedfixedfixedfixedfixedfixedIn VideoLAN VLC media player through 2.2.8, there is a type conversion ...

Resolved issues

BugDescription
CVE-2023-46814A binary hijacking vulnerability exists within the VideoLAN VLC media ...
CVE-2018-11516The vlc_demux_chained_Delete function in input/demux_chained.c in Vide ...
CVE-2017-10699avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 201 ...
CVE-2017-9301plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...
CVE-2017-9300plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 al ...
CVE-2017-8313Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to ...
CVE-2017-8312Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...
CVE-2017-8311Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...
CVE-2017-8310Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...
CVE-2016-5108Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpc ...
CVE-2016-3941Buffer overflow in the AStreamPeekStream function in input/stream.c in ...
CVE-2015-5949VideoLAN VLC media player 2.2.1 allows remote attackers to cause a den ...
CVE-2014-9743Cross-site scripting (XSS) vulnerability in the httpd_HtmlError functi ...
CVE-2014-9630The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c ...
CVE-2014-9629Integer overflow in the Encode function in modules/codec/schroedinger. ...
CVE-2014-9628The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...
CVE-2014-9627The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...
CVE-2014-9626Integer underflow in the MP4_ReadBox_String function in modules/demux/ ...
CVE-2014-9625The GetUpdateFile function in misc/update.c in the Updater in VideoLAN ...
CVE-2014-6440VideoLAN VLC media player before 2.1.5 allows remote attackers to exec ...
CVE-2014-3441codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remo ...
CVE-2014-1684The ASF_ReadObject_file_properties function in modules/demux/asf/libas ...
CVE-2013-7340VideoLAN VLC Media Player before 2.0.7 allows remote attackers to caus ...
CVE-2013-6934The parseRTSPRequestString function in Live Networks Live555 Streaming ...
CVE-2013-6933The parseRTSPRequestString function in Live Networks Live555 Streaming ...
CVE-2013-6283VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...
CVE-2013-4388Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio. ...
CVE-2013-3565Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interf ...
CVE-2013-3564The web interface in VideoLAN VLC media player before 2.0.7 has no acc ...
CVE-2013-3245plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, an ...
CVE-2013-1954The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...
CVE-2013-1868Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earli ...
CVE-2012-5855The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...
CVE-2012-5470libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attacke ...
CVE-2012-3377Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...
CVE-2012-2396VideoLAN VLC media player 2.0.1 allows remote attackers to cause a den ...
CVE-2012-1776Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...
CVE-2012-1775Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...
CVE-2012-0904VLC media player 1.1.11 allows remote attackers to cause a denial of s ...
CVE-2012-0023Double free vulnerability in the get_chunk_header function in modules/ ...
CVE-2011-3623Multiple stack-based buffer overflows in VideoLAN VLC media player bef ...
CVE-2011-2588Heap-based buffer overflow in the AVI_ChunkRead_strf function in libav ...
CVE-2011-2587Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...
CVE-2011-2194Integer overflow in the XSPF playlist parser in VideoLAN VLC media pla ...
CVE-2011-1684Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...
CVE-2011-1087Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assiste ...
CVE-2011-0531demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media play ...
CVE-2011-0522The StripTags function in (1) the USF decoder (modules/codec/subtitles ...
CVE-2011-0021Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...
CVE-2010-3907Multiple integer overflows in real.c in the Real demuxer plugin in Vid ...
CVE-2010-3276libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...
CVE-2010-3275libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...
CVE-2010-3124Untrusted search path vulnerability in bin/winvlc.c in VLC Media Playe ...
CVE-2010-2937The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in V ...
CVE-2010-2062Integer underflow in the real_get_rdt_chunk function in real.c, as use ...
CVE-2010-1445Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 a ...
CVE-2010-1444The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...
CVE-2010-1443The parse_track_node function in modules/demux/playlist/xspf.c in the ...
CVE-2010-1442VideoLAN VLC media player before 1.0.6 allows remote attackers to caus ...
CVE-2010-1441Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...
CVE-2010-0364Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...
CVE-2009-2484Stack-based buffer overflow in the Win32AddConnection function in modu ...
CVE-2009-1274Integer overflow in the qt_error parse_trak_atom function in demuxers/ ...
CVE-2009-1045requests/status.xml in VLC 0.9.8a allows remote attackers to cause a d ...
CVE-2009-0698Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...
CVE-2008-5276Integer overflow in the ReadRealIndex function in real.c in the Real d ...
CVE-2008-5248xine-lib before 1.1.15 allows remote attackers to cause a denial of se ...
CVE-2008-5246Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow r ...
CVE-2008-5235Heap-based buffer overflow in the demux_real_send_chunk function in sr ...
CVE-2008-5233xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...
CVE-2008-5036Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...
CVE-2008-5032Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...
CVE-2008-4686Multiple integer overflows in ty.c in the TY demux plugin (aka the TiV ...
CVE-2008-4654Stack-based buffer overflow in the parse_master function in the Ty dem ...
CVE-2008-4558Array index error in VLC media player 0.9.2 allows remote attackers to ...
CVE-2008-3794Integer signedness error in the mms_ReceiveCommand function in modules ...
CVE-2008-3732Integer overflow in the Open function in modules/demux/tta.c in VLC Me ...
CVE-2008-2430Integer overflow in the Open function in modules/demux/wav.c in VLC Me ...
CVE-2008-2147Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allow ...
CVE-2008-1881Stack-based buffer overflow in the ParseSSA function (modules/demux/su ...
CVE-2008-1769VLC before 0.8.6f allow remote attackers to cause a denial of service ...
CVE-2008-1768Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...
CVE-2008-1489Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...
CVE-2008-0984The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as us ...
CVE-2008-0296Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLA ...
CVE-2008-0295Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in th ...
CVE-2008-0073Array index error in the sdpplin_parse function in input/libreal/sdppl ...
CVE-2007-6684The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to caus ...
CVE-2007-6683The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to o ...
CVE-2007-6682Format string vulnerability in the httpd_FileCallBack function (networ ...
CVE-2007-6681Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VL ...
CVE-2007-6262A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0. ...
CVE-2007-3468input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attac ...
CVE-2007-3467Integer overflow in the __status_Update function in stats.c VideoLAN V ...
CVE-2007-3316Multiple format string vulnerabilities in plugins in VideoLAN VLC Medi ...
CVE-2007-0256VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of servi ...
CVE-2007-0017Multiple format string vulnerabilities in (1) the cdio_log_handler fun ...
CVE-2006-1664Buffer overflow in xine_list_delete_current in libxine 1.14 and earlie ...
CVE-2005-4048Heap-based buffer overflow in the avcodec_default_get_buffer function ...
CVE-2004-1476Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc ...
CVE-2004-1475Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...
CVE-2004-1455Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and e ...
CVE-2004-1300Buffer overflow in the open_aiff_file function in demux_aiff.c for xin ...

Security announcements

DSA / DLADescription
ELA-1194-1vlc - security update
DSA-5707-1vlc - security update
DLA-3679-1vlc - security update
ELA-1016-1vlc - security update
DSA-5545-1vlc - security update
DSA-5297-1vlc - security update
DLA-3216-1vlc - security update
ELA-749-1vlc - security update
ELA-665-1vlc - security update
DSA-5165-1vlc - security update
DLA-3050-1vlc - security update
DLA-2728-1vlc - security update
DSA-4834-1vlc - security update
DSA-4704-1vlc - security update
DSA-4671-1vlc - security update
DSA-4504-1vlc - security update
DSA-4459-1vlc - security update
DSA-4366-1vlc - security update
DSA-4251-1vlc - security update
DSA-4203-1vlc - security update
DSA-4045-1vlc - security update
DSA-3899-1vlc - security update
DSA-3598-1vlc - security update
DSA-3342-1vlc - security update
DSA-3156-1liblivemedia - security update
DSA-3150-1vlc - security update
DSA-2973-1vlc - security update
DSA-2257-1vlc - buffer overflow
DSA-2218-1vlc - heap-based buffer overflow
DSA-2211-1vlc - missing input sanitising
DSA-2159-1vlc - missing input sanitising
DSA-2043-1vlc - arbitrary code execution
DSA-1819-1vlc - several vulnerabilities
DSA-1543-1vlc - several vulnerabilities
DSA-1332-1vlc
DSA-1252-1vlc
DSA-1004-1vlc - buffer overflow

Search for package or bug name: Reporting problems