Past security advisories
Note well: The VideoLAN project does not issue security advisories for underlying third party libraries. Please refer to the concerned third parties as appropriate.
2013
- VideoLAN-SA-1302 (CVE-xxxx-xxxx)
- Overflow in ASF Demuxer
Details
- VideoLAN-SA-1301 (CVE-xxxx-xxxx)
- Overflow in subtitles decoder
Details
2012
- VideoLAN-SA-1203 (CVE-2012-5470)
- Overflow in PNG decoder
Details
- VideoLAN-SA-1202 (CVE-2012-1776)
- Heap overflows in Real RTPS protocol
Details
- VideoLAN-SA-1201 (CVE-2012-1775)
- Stack overflow in MMS protocol
Details
2011
- VideoLAN-SA-1108 (CVE-2012-0023)
- Heap corruption in TiVo demuxer.
Details
- VideoLAN-SA-1107 (CVE-2011-3333)
- NULL dereference in HTTP and RTSP server.
Details
- VideoLAN-SA-1106 (CVE-2011-2588)
- Heap buffer overflow in AVI demuxer.
Details
- VideoLAN-SA-1105 (CVE-2011-2587)
- Heap buffer overflow in RealMedia demuxer.
Details
- VideoLAN-SA-1104 (CVE-2011-2194)
- Integer overflow in XSPF demuxer.
Details
- VideoLAN-SA-1103 (CVE-2011-1684)
- Heap corruption in MP4 demuxer.
Details
- VideoLAN-SA-1102 (CVE-2011-0531)
- Insufficient input validation in MKV demuxer.
Details
- VideoLAN-SA-1101 (CVE-2011-0021)
- Heap corruption in CDG codec.
Details
2010
- VideoLAN-SA-1007 (CVE-2010-3907)
- Buffer overflow in Real Media demuxer.
Details
- VideoLAN-SA-1006
- Stack smashing in SMB/CIFS access.
Details
- VideoLAN-SA-1005 (CVE-2010-3124)
- DLL preloading vulnerability.
Details
- VideoLAN-SA-1004 (CVE-2010-2937)
- Insufficient input validation in VLC TagLib plugin.
Details
- VideoLAN-SA-1003 (CVE-2010-1441..5)
- Multiple vulnerabilities in VLC. Details
- VideoLAN-SA-1002
- Buffer overflow in ancient VLC media player Details
- VideoLAN-SA-1001
- Clam AntiVirus input validation error Details
2009
- VideoLAN-SA-0901
- Stack overflows in VLC demuxers. Details
2008
- VideoLAN-SA-0811 (CVE-2008-5276)
- Buffer overflows in VLC Real demuxers. Details
- VideoLAN-SA-0810 (CVE-2008-5032, CVE-2008-5036)
- Multiple overflows in VLC demuxers. Details
- VideoLAN-SA-0809 (CVE-2008-4654, CVE-2008-4686)
- Buffer overflow in VLC TiVo demuxer. Details
- VideoLAN-SA-0807 (CVE-2008-3732, CVE-2008-3794)
- Multiple overflows in VLC demuxers. Details
- VideoLAN-SA-0806 (CVE-2008-2430)
- Arbitrary code execution through potential heap-overflows in VLC's WAV demuxer. Details
- VideoLAN-SA-0805 (CVE-2008-2147)
- Arbitrary code execution through rogue VLC plugins in the current directory. Details
- VideoLAN-SA-0804 (CVE-2007-6683)
- Arbitrary file overwrite and other abuses through M3U parser and browser plugins. Details
- VideoLAN-SA-0803 (CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769)
- Arbitrary memory overwrite vulnerabilities in multiple modules: Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. Details
- VideoLAN-SA-0802, CORE-2008-0130 (CVE-2008-0984)
- Arbitrary memory overwrite vulnerability in the MP4 demuxer. Details
- VideoLAN-SA-0801 (CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296)
- Format string vulnerability in the Web interface. Stack-based buffer overflow in the Subtitles demuxer. String buffer overflows in the Real RTSP demuxer. Details
2007
- VideoLAN-SA-0703, CORE-2007-1004 (CVE-2007-6262)
- Recursive plugin release vulnerability in the ActiveX plugin. Details
- VideoLAN-SA-0702 (CVE-2007-3316)
- Format string injection in Vorbis, Theora, SAP and CDDA plugins. Details
- VideoLAN-SA-0701, MOAB-02-01-2007 (CVE-2007-0017)
- URL format string injection in CDDA and VCDX plugins. Details