Use-After-Free Vulnerability in VideoLAN VLC Media Player by VideoLAN
CVE-2019-14533

7.8HIGH

Key Information:

Vendor
Videolan
Status
Vlc Media Player
Vendor
CVE Published:
29 August 2019

Summary

The Control function in demux/asf/asf.c of VLC Media Player version 3.0.7.1 contains a use-after-free vulnerability that could be exploited to potentially execute arbitrary code and compromise the system. This vulnerability arises when the application improperly manages memory, resulting in access to freed memory, which may lead to unexpected behaviors. Users are advised to update to the latest version to safeguard against potential exploits.

References

http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/...
x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4504
vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Aug/36
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.