CVE-2019-14534 — NULL Pointer Dereference in VLC Media Player

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 42.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player Debian Linux

Timeline

PublishedAug 29

Latest updateMay 24

Description

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 3.0.8-1+3

▶NVDvideolan/vlc_media_player3.0.7.1

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: git.videolan.org ↗Patch: www.videolan.org ↗Patch: git.videolan.org ↗

🔴Vulnerability Details

GHSA

GHSA-3hmq-m636-vcvh: In VideoLAN VLC media player 3↗2022-05-24

▶

OSV

CVE-2019-14534: In VideoLAN VLC media player 3↗2019-08-29

▶

CVEList

CVE-2019-14534: In VideoLAN VLC media player 3↗2019-08-29

▶

📋Vendor Advisories

Ubuntu

VLC vulnerabilities↗2019-09-11

▶

Debian

CVE-2019-14534: vlc - In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the...↗2019

▶