CVE-2015-5949 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

7.4%

top 8.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedAug 25

Latest updateMay 14

Description

VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 2.2.1-3+3

▶NVDvideolan/vlc_media_player2.2.1

🔴Vulnerability Details

GHSA

GHSA-jvqc-5hhq-rvwf: VideoLAN VLC media player 2↗2022-05-14

▶

CVEList

CVE-2015-5949: VideoLAN VLC media player 2↗2015-08-25

▶

OSV

CVE-2015-5949: VideoLAN VLC media player 2↗2015-08-25

▶

📋Vendor Advisories

Debian

CVE-2015-5949: vlc - VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of ser...↗2015

▶