Use After Free Vulnerability in VideoLAN VLC Media Player
CVE-2018-11529

8HIGH

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
11 July 2018

What is CVE-2018-11529?

The VLC Media Player version 2.2.x is susceptible to a use after free vulnerability that enables attackers to execute arbitrary code when processing specially crafted MKV files. Successful exploitation could potentially compromise the integrity of the affected system. Moreover, failed attempts at exploiting this vulnerability may lead to denial of service conditions, rendering the media player inoperable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1041311
vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2018/Jul/28
mailing-listx_refsource_FULLDISC
https://www.exploit-db.com/exploits/45626/
exploitx_refsource_EXPLOIT-DB

EPSS Score

73% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.