VideoLAN VLC Media Player 3.0.10

CPE Details

VideoLAN VLC Media Player 3.0.10
videolan
vlc_media_player
3.0.10
2020-06-11
12h09 +00:00
2020-06-11
12h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:videolan:vlc_media_player:3.0.10:*:*:*:*:*:*:*

Informations

Vendor

videolan

Product

vlc_media_player

Version

3.0.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-46814 2023-11-21 23h00 +00:00 A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM.
7.8
High
CVE-2023-47359 2023-11-06 23h00 +00:00 Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
9.8
Critical
CVE-2023-47360 2023-11-06 23h00 +00:00 Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
7.5
High
CVE-2022-41325 2022-12-06 00h00 +00:00 An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
7.8
High
CVE-2020-26664 2021-01-08 16h40 +00:00 A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.