Denial of Service Vulnerability in VideoLAN VLC Media Player
CVE-2014-9627

7.8 HIGH

Key Information:

Vendor: Videolan
CVE Published: 24 January 2020

Summary

The vulnerability arises from the MP4_ReadBox_String function in the VLC media player, where an improper cast from a 64-bit integer to a 32-bit integer can lead to denial of service. Attackers could exploit this flaw by manipulating the size of box data, potentially causing the application to crash or behave unexpectedly. Keeping VLC Media Player updated is essential to protect against such risks.
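The narrowing problem described above, shown as an added example (this is not VLC's code): a 64-bit box size that is cast to 32 bits before it is validated passes a bounds check it should fail, while a check on the full 64-bit value rejects it. The function names, the 8-byte header length and the sample sizes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: narrow first, validate afterwards. The upper 32 bits are
   discarded, so the check sees a different number than the box header held. */
int flawed_size_ok(uint64_t claimed, uint32_t avail)
{
    uint32_t len = (uint32_t)claimed;   /* 0x100000010 becomes 0x10 */
    return len <= avail;
}

/* Hardened pattern: validate the full 64-bit value and narrow only once it
   is known to fit. Returns 0 and stores the payload length, or -1 to reject. */
int checked_size(uint64_t claimed, uint32_t avail,
                 uint32_t header_len, uint32_t *payload_len)
{
    if (claimed < header_len)
        return -1;                      /* subtraction would underflow */
    uint64_t payload = claimed - header_len;
    if (payload > avail)
        return -1;                      /* more than the bytes actually read */
    if (payload >= UINT32_MAX)
        return -1;                      /* payload + 1 (NUL) must still fit */
    *payload_len = (uint32_t)payload;
    return 0;
}

int main(void)
{
    /* Constructed sample: header claims 4 GiB + 16 bytes, 64 bytes available. */
    uint64_t claimed = UINT64_C(0x100000010);
    uint32_t avail = 64, n = 0;

    printf("flawed check accepts: %d\n", flawed_size_ok(claimed, avail));
    printf("hardened check result: %d\n", checked_size(claimed, avail, 8, &n));
    return 0;
}
```
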

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
