Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3441 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
8.0%
top 7.91%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Videolan VLC Media Player
Timeline
PublishedMay 14
Latest updateMay 17

Description

codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5w4x-p949-wjm4: codec\libpng_plugin↗2022-05-17
â–¶
CVEList
CVE-2014-3441: codec\libpng_plugin↗2014-05-14
â–¶

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player 2.1.3 - '.wav' File Memory Corruption↗2014-05-09
â–¶

📋Vendor Advisories

1
Debian
CVE-2014-3441: vlc - codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attacke...↗2014
â–¶
CVE-2014-3441 — Videolan VLC Media Player vulnerability | cvebase