Videolan Videolan

  1. Vendors
  2. Videolan

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Videolan product.

RSS Feeds for Videolan security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Videolan products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Videolan Sorted by Most Security Vulnerabilities since 2018

Videolan Vlc Media Player34 vulnerabilities

Videolan Dav1d2 vulnerabilities

Videolan Vlc For Mobile1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Videolan. Last year, in 2024 Videolan had 2 security vulnerabilities published. Right now, Videolan is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 2 8.30
2023 3 7.73
2022 1 7.80
2021 5 7.32
2020 2 7.80
2019 17 7.51
2018 4 8.13

It may take a day or so for new Videolan vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Videolan Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2018-9341 Nov 19, 2024
VLC Media Player: Out-of-Bounds Write in impeg2d_mc_fullx_fully Function In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
Vlc Media Player
CVE-2024-1580 Feb 19, 2024
AV1 Integer Overrun in dav1d decoder pre1.4.0 An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.
Dav1d
CVE-2023-47359 Nov 07, 2023
VLC Packet Parser Heap Overflow before 3.0.20 (CVE-2023-47359) Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
Vlc Media Player
CVE-2023-47360 Nov 07, 2023
VLC Media Player <3.0.20 Integer Underflow in Packet Length Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
Vlc Media Player
CVE-2023-32570 May 10, 2023
dav1d <1.2.0 Thread_Task Race -> Crash (dav1d_decode_frame_exit) VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.
Dav1d
CVE-2022-41325 Dec 06, 2022
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
Vlc Media Player
CVE-2021-25801 Jul 26, 2021
A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Vlc Media Player
CVE-2021-25803 Jul 26, 2021
A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Vlc Media Player
CVE-2021-25804 Jul 26, 2021
A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can a denial of service (DOS) in the application.
Vlc Media Player
CVE-2021-25802 Jul 26, 2021
A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file.
Vlc Media Player
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.