CVE-2017-9301Out-of-bounds Read in VLC Media Player

CWE-125Out-of-bounds Read5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Videolan VLC Media Player
Timeline
PublishedMay 29
Latest updateMay 17

Description

plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianvideolan/vlc_media_player< 2.2.5.1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-mppr-fqv2-rw5g: plugins\audio_filter\libmpgatofixed32_plugin2022-05-17
CVEList
CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin2017-05-29
OSV
CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin2017-05-29

📋Vendor Advisories

1
Debian
CVE-2017-9301: vlc - plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2....2017
CVE-2017-9301 — Out-of-bounds Read in VLC Media Player | cvebase