CVE-2014-6440Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
5.3%
top 9.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Videolan VLC Media PlayerVideolan VLC
Timeline
PublishedMar 28
Latest updateMay 17

Description

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianvideolan/vlc_media_player< 2.1.5-1+3
NVDvideolan/vlc2.1.4

Patches

Patch: billblough.netPatch: seclists.orgPatch: billblough.net

🔴Vulnerability Details

3
GHSA
GHSA-hgvf-qfh8-3x8f: VideoLAN VLC media player before 22022-05-17
CVEList
CVE-2014-6440: VideoLAN VLC media player before 22017-03-28
OSV
CVE-2014-6440: VideoLAN VLC media player before 22017-03-28

📋Vendor Advisories

1
Debian
CVE-2014-6440: vlc - VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitr...2014
CVE-2014-6440 — Videolan VLC vulnerability | cvebase