VideoLAN, a project and a non-profit organization.

Security contacts


Please note that signed emails are welcome, and responsible disclosure is appreciated.

Past security advisories

Please note: The VideoLAN project does not issue security advisories for underlying third party libraries. Please refer to the concerned third parties as appropriate.


Heap use after free in avformat demuxer Details


Buffer Overflow in Processing QuickTime IMA Files Details


Multiple heap and buffer overflows Details


VideoLAN-SA-1302 (CVE-2013-1954)
Overflow in ASF Demuxer Details
Overflow in subtitles decoder Details


VideoLAN-SA-1203 (CVE-2012-5470)
Overflow in PNG decoder Details
VideoLAN-SA-1202 (CVE-2012-1776)
Heap overflows in Real RTPS protocol Details
VideoLAN-SA-1201 (CVE-2012-1775)
Stack overflow in MMS protocol Details


VideoLAN-SA-1108 (CVE-2012-0023)
Heap corruption in TiVo demuxer. Details
VideoLAN-SA-1107 (CVE-2011-3333)
NULL dereference in HTTP and RTSP server. Details
VideoLAN-SA-1106 (CVE-2011-2588)
Heap buffer overflow in AVI demuxer. Details
VideoLAN-SA-1105 (CVE-2011-2587)
Heap buffer overflow in RealMedia demuxer. Details
VideoLAN-SA-1104 (CVE-2011-2194)
Integer overflow in XSPF demuxer. Details
VideoLAN-SA-1103 (CVE-2011-1684)
Heap corruption in MP4 demuxer. Details
VideoLAN-SA-1102 (CVE-2011-0531)
Insufficient input validation in MKV demuxer. Details
VideoLAN-SA-1101 (CVE-2011-0021)
Heap corruption in CDG codec. Details


VideoLAN-SA-1007 (CVE-2010-3907)
Buffer overflow in Real Media demuxer. Details
Stack smashing in SMB/CIFS access. Details
VideoLAN-SA-1005 (CVE-2010-3124)
DLL preloading vulnerability. Details
VideoLAN-SA-1004 (CVE-2010-2937)
Insufficient input validation VLC TagLib plugin. Details
VideoLAN-SA-1003 (CVE-2010-1441..5)
Multiple vulnerabilities in VLC. Details
Buffer overflow in ancient VLC media player Details
Clam AntiVirus input validation error Details


Stack overflows in VLC demuxers. Details


VideoLAN-SA-0811 (CVE-2008-5276)
Buffer overflows in VLC Real demuxers. Details
VideoLAN-SA-0810 (CVE-2008-5032, CVE-2008-5036)
Multiple overflows in VLC demuxers. Details
VideoLAN-SA-0809 (CVE-2008-4654, CVE-2008-4686)
Buffer overflow in VLC TiVo demuxer. Details
VideoLAN-SA-0807 (CVE-2008-3732, CVE-2008-3794)
Multiple overflows in VLC demuxers. Details
VideoLAN-SA-0806 (CVE-2008-2430)
Arbitrary code execution through potential heap-overflows in VLC's WAV demuxer. Details
VideoLAN-SA-0805 (CVE-2008-2147)
Arbitrary code execution through rogue VLC plugins in the current directory. Details
VideoLAN-SA-0804 (CVE-2007-6683)
Arbitrary file overwrite and other abuses through M3U parser and browsers plugins. Details
VideoLAN-SA-0803 (CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769)
Arbitrary memory overwrite vulnerabilities in multiple modules: Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. Details
VideoLAN-SA-0802, CORE-2008-0130 (CVE-2008-0984)
Arbitrary memory overwrite vulnerability in the MP4 demuxer. Details
VideoLAN-SA-0801 (CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296)
Format string vulnerability in the Web interface. Stack-based buffer overflow in the Subtitles demuxer. String buffer overflows in the Real RTSP demuxer. Details


VideoLAN-SA-0703, CORE-2007-1004 (CVE-2007-6262)
Recursive plugin release vulnerability in the Active X plugin. Details
VideoLAN-SA-0702 (CVE-2007-3316)
Format string injection in Vorbis, Theora, SAP and CDDA plugins. Details
VideoLAN-SA-0701, MOAB-02-01-2007 (CVE-2007-0017)
URL format string injection in CDDA and VCDX plugins. Details