Security contacts
Email: security@[email protected].
Please note that signed emails are welcome, and responsible disclosure is appreciated.
Past security advisories
Please note:
The VideoLAN project does not issue security advisories for underlying third-party libraries.
Please refer to the concerned third parties as appropriate.
2016
VideoLAN-SA-1601
Buffer Overflow in Processing QuickTime IMA Files
Details
2015
VideoLAN-SA-1501
Multiple heap and buffer overflows
Details
2013
VideoLAN-SA-1302 (CVE-2013-1954)
Overflow in ASF Demuxer
Details
VideoLAN-SA-1301
Overflow in subtitles decoder
Details
2012
VideoLAN-SA-1203 (CVE-2012-5470)
Overflow in PNG decoder
Details
VideoLAN-SA-1202 (CVE-2012-1776)
Heap overflows in Real RTPS protocol
Details
VideoLAN-SA-1201 (CVE-2012-1775)
Stack overflow in MMS protocol
Details
2011
VideoLAN-SA-1108 (CVE-2012-0023)
Heap corruption in TiVo demuxer.
Details
VideoLAN-SA-1107 (CVE-2011-3333)
NULL dereference in HTTP and RTSP server.
Details
VideoLAN-SA-1106 (CVE-2011-2588)
Heap buffer overflow in AVI demuxer.
Details
VideoLAN-SA-1105 (CVE-2011-2587)
Heap buffer overflow in RealMedia demuxer.
Details
VideoLAN-SA-1104 (CVE-2011-2194)
Integer overflow in XSPF demuxer.
Details
VideoLAN-SA-1103 (CVE-2011-1684)
Heap corruption in MP4 demuxer.
Details
VideoLAN-SA-1102 (CVE-2011-0531)
Insufficient input validation in MKV demuxer.
Details
VideoLAN-SA-1101 (CVE-2011-0021)
Heap corruption in CDG codec.
Details
2010
VideoLAN-SA-1007 (CVE-2010-3907)
Buffer overflow in Real Media demuxer.
Details
VideoLAN-SA-1006
Stack smashing in SMB/CIFS access.
Details
VideoLAN-SA-1005 (CVE-2010-3124)
DLL preloading vulnerability.
Details
VideoLAN-SA-1004 (CVE-2010-2937)
Insufficient input validation in VLC TagLib plugin.
Details
VideoLAN-SA-1003 (CVE-2010-1441..5)
Multiple vulnerabilities in VLC. Details
VideoLAN-SA-1002
Buffer overflow in ancient VLC media player Details
VideoLAN-SA-1001
Clam AntiVirus input validation error Details
2009
VideoLAN-SA-0901
Stack overflows in VLC demuxers. Details
2008
VideoLAN-SA-0811 (CVE-2008-5276)
Buffer overflows in VLC Real demuxers. Details
VideoLAN-SA-0810 (CVE-2008-5032, CVE-2008-5036)
Multiple overflows in VLC demuxers. Details
VideoLAN-SA-0809 (CVE-2008-4654, CVE-2008-4686)
Buffer overflow in VLC TiVo demuxer. Details
VideoLAN-SA-0807 (CVE-2008-3732, CVE-2008-3794)
Multiple overflows in VLC demuxers. Details
VideoLAN-SA-0806 (CVE-2008-2430)
Arbitrary code execution through potential heap-overflows in VLC's WAV demuxer. Details
VideoLAN-SA-0805 (CVE-2008-2147)
Arbitrary code execution through rogue VLC plugins in the current directory. Details
VideoLAN-SA-0804 (CVE-2007-6683)
Arbitrary file overwrite and other abuses through M3U parser and browser plugins. Details
VideoLAN-SA-0803 (CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769)
Arbitrary memory overwrite vulnerabilities in multiple modules:
Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. Details
VideoLAN-SA-0802, CORE-2008-0130 (CVE-2008-0984)
Arbitrary memory overwrite vulnerability in the MP4 demuxer. Details
VideoLAN-SA-0801 (CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296)
Format string vulnerability in the Web interface. Stack-based buffer overflow in the Subtitles demuxer.
String buffer overflows in the Real RTSP demuxer. Details
2007
VideoLAN-SA-0703, CORE-2007-1004 (CVE-2007-6262)
Recursive plugin release vulnerability in the ActiveX plugin. Details
VideoLAN-SA-0702 (CVE-2007-3316)
Format string injection in Vorbis, Theora, SAP and CDDA plugins. Details
VideoLAN-SA-0701, MOAB-02-01-2007 (CVE-2007-0017)
URL format string injection in CDDA and VCDX plugins. Details