CVE-2018-11516Use After Free in VLC Media Player

CWE-416Use After FreeCWE-787Out-of-bounds Write5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Videolan VLC Media Player
Timeline
PublishedMay 28
Latest updateMay 13

Description

The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Debianvideolan/vlc_media_player< 3.0.2-1+3
NVDvideolan/vlc_media_player3.0.0, 3.0.1+1

🔴Vulnerability Details

3
GHSA
GHSA-wcvh-q8pm-3q7q: The vlc_demux_chained_Delete function in input/demux_chained2022-05-13
OSV
CVE-2018-11516: The vlc_demux_chained_Delete function in input/demux_chained2018-05-28
CVEList
CVE-2018-11516: The vlc_demux_chained_Delete function in input/demux_chained2018-05-28

📋Vendor Advisories

1
Debian
CVE-2018-11516: vlc - The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC m...2018
CVE-2018-11516 — Use After Free in VLC Media Player | cvebase