Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1684 — VLC Media Player vulnerability

CWE-1896 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
12.8%
top 5.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedMar 3
Latest updateMay 17

Description

The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

â–¶Debianvideolan/vlc_media_player< 2.1.4-1+3
â–¶NVDvideolan/vlc_media_player2.1.2+36

🔴Vulnerability Details

3
GHSA
GHSA-rj27-5g2m-8j6m: The ASF_ReadObject_file_properties function in modules/demux/asf/libasf↗2022-05-17
â–¶
CVEList
CVE-2014-1684: The ASF_ReadObject_file_properties function in modules/demux/asf/libasf↗2014-03-03
â–¶
OSV
CVE-2014-1684: The ASF_ReadObject_file_properties function in modules/demux/asf/libasf↗2014-03-03
â–¶

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player 2.1.2 - '.asf' Crash (PoC)↗2014-02-05
â–¶

📋Vendor Advisories

1
Debian
CVE-2014-1684: vlc - The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the...↗2014
â–¶
CVE-2014-1684 — Videolan VLC Media Player vulnerability | cvebase