本ページは videolan vlc に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-26227 | VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout within the OTP validity window, allowing an attacker with network reachability to the server to repeatedly attempt OTP verification until a valid user_session cookie is issued. Successful exploitatio | [email protected] | 6.3 | 0.30% | 2026-02-26 | 2026-06-17 |
| CVE-2026-26228 | VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the A | [email protected] | 2.3 | 0.27% | 2026-02-26 | 2026-06-17 |
| CVE-2014-6440 | VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | [email protected] | 9.8 | 4.98% | 2017-03-28 | 2026-06-16 |
| CVE-2008-2147 | Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. | [email protected] | 4.6 | 0.42% | 2008-05-12 | 2026-06-16 |
| CVE-2008-1769 | VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption. | [email protected] | 6.8 | 7.16% | 2008-04-25 | 2026-06-16 |
| CVE-2008-1768 | Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow. | [email protected] | 6.8 | 2.71% | 2008-04-25 | 2026-06-16 |
| CVE-2008-1881 | Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681. | [email protected] | 6.8 | 11.78% | 2008-04-17 | 2026-06-16 |
| CVE-2008-1489 | Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984. | [email protected] | 6.8 | 11.87% | 2008-03-24 | 2026-06-16 |
| CVE-2007-6684 | The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | [email protected] | 5.0 | 2.23% | 2008-01-16 | 2026-06-16 |
| CVE-2007-6683 | The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | [email protected] | 5.0 | 2.78% | 2008-01-16 | 2026-06-16 |
| CVE-2007-6682 | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | [email protected] | 7.5 | 15.14% | 2008-01-16 | 2026-06-16 |
| CVE-2007-6681 | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | [email protected] | 7.5 | 17.36% | 2008-01-16 | 2026-06-16 |