Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-11529: Use After Free in VLC Media Player

CWE-416: Use After Free | 9 documents | 7 sources
Severity: 8.0 HIGH (NVD); 9.8 (OSV)
EPSS: 73.8% (top 1.18%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 11; Latest update May 14

Description

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9

Affected Packages (3 packages)

Debian: videolan/vlc_media_player < 3.0.3-1-1+3
Ubuntu: videolan/vlc_media_player < 2.1.6-0ubuntu14.04.5+esm1+1

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (4)

GHSA: GHSA-j4p7-jwxh-8774: VideoLAN VLC media player 2 (2022-05-14)
OSV: vlc vulnerabilities (2021-03-15)
CVEList: CVE-2018-11529: VideoLAN VLC media player 2 (2018-07-11)
OSV: CVE-2018-11529: VideoLAN VLC media player 2 (2018-07-11)

💥 Exploits & PoCs (2)

Exploit-DB: VLC Media Player - MKV Use-After-Free (Metasploit) (2018-10-16)
Exploit-DB: VLC media player 2.2.8 - Arbitrary Code Execution (PoC) (2018-07-05)

📋 Vendor Advisories (2)

Ubuntu: VLC vulnerabilities (2021-03-15)
Debian: CVE-2018-11529: vlc - VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which... (2018)
CVE-2018-11529 — Use After Free in VLC Media Player | cvebase