Use-After-Free Vulnerability in VideoLAN VLC Media Player
CVE-2019-14777

7.8 HIGH

Key Information:

Vendor: Videolan
CVE Published: 29 August 2019

Summary

The VLC Media Player, specifically version 3.0.7.1, has a vulnerability in its Control function located in demux/mkv/mkv.cpp that can lead to a use-after-free condition. This vulnerability allows an attacker to potentially execute arbitrary code or crash the application, thereby compromising the security of systems running this version. Users are strongly recommended to update their VLC Media Player to mitigate this risk. Security patches addressing this issue have been issued by VideoLAN and various Linux distributions.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
