Security contacts

These are the current security contacts for the VideoLAN project:

Rémi Denis-Courmont
rem at videolan dot org
pub   1024D/DD6D12BD 2004-01-09
      Key fingerprint = 9480 5833 53E3 34D2 F03F  E80C C3EC 6DBE DD6D 12BD
Christophe Mutricy
xtophe at videolan dot org
pub   1024D/AC3E0879 2006-03-01
      Key fingerprint = 2303 8592 A6B1 A39D 7B22  D2D3 FD21 BC3B AC3E 0879

Past security advisories

2010

VideoLAN-SA-1003 (CVE-2010-1441..5)
Multiple vulnerabilities in VLC. Details
VideoLAN-SA-1002
Buffer overflow in ancient VLC media player. Details
VideoLAN-SA-1001
Clam AntiVirus input validation error. Details

2009

VideoLAN-SA-0901
Stack overflows in VLC demuxers. Details

2008

VideoLAN-SA-0811 (CVE-2008-5276)
Buffer overflows in VLC Real demuxers. Details
VideoLAN-SA-0810 (CVE-2008-5032, CVE-2008-5036)
Multiple overflows in VLC demuxers. Details
VideoLAN-SA-0809 (CVE-2008-4654, CVE-2008-4686)
Buffer overflow in VLC TiVo demuxer. Details
VideoLAN-SA-0807 (CVE-2008-3732, CVE-2008-3794)
Multiple overflows in VLC demuxers. Details
VideoLAN-SA-0806 (CVE-2008-2430)
Arbitrary code execution through potential heap-overflows in VLC's WAV demuxer. Details
VideoLAN-SA-0805 (CVE-2008-2147)
Arbitrary code execution through rogue VLC plugins in the current directory. Details
VideoLAN-SA-0804 (CVE-2007-6683)
Arbitrary file overwrite and other abuses through M3U parser and browser plugins. Details
VideoLAN-SA-0803 (CVE-2008-0073, CVE-2008-1489, CVE-2008-1768, CVE-2008-1769)
Arbitrary memory overwrite vulnerabilities in multiple modules: Real RTSP demuxer, Real Media demuxer, MP4 demuxer, Cinepak decoder. Details
VideoLAN-SA-0802, CORE-2008-0130 (CVE-2008-0984)
Arbitrary memory overwrite vulnerability in the MP4 demuxer. Details
VideoLAN-SA-0801 (CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296)
Format string vulnerability in the Web interface. Stack-based buffer overflow in the Subtitles demuxer. String buffer overflows in the Real RTSP demuxer. Details

2007

VideoLAN-SA-0703, CORE-2007-1004 (CVE-2007-6262)
Recursive plugin release vulnerability in the ActiveX plugin. Details
VideoLAN-SA-0702 (CVE-2007-3316)
Format string injection in Vorbis, Theora, SAP and CDDA plugins. Details
VideoLAN-SA-0701, MOAB-02-01-2007 (CVE-2007-0017)
URL format string injection in CDDA and VCDX plugins. Details