Use-After-Free Vulnerability in VLC Media Player by VideoLAN
CVE-2019-14778

7.8HIGH

Key Information:

Vendor
Videolan
Status
Vlc Media Player
Vendor
CVE Published:
29 August 2019

Summary

A use-after-free vulnerability exists in the mkv::virtual_segment_c::seek method of the VLC Media Player, specifically in the file demux/mkv/virtual_segment.cpp. This issue can potentially allow an attacker to execute arbitrary code, impacting the application's stability and the user's system integrity. Users are advised to update to the latest version to mitigate the risk associated with this vulnerability.

References

http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/...
x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4504
vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Aug/36
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.