CVE-2019-18278 — VLC Media Player vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player

Timeline

PublishedOct 23

Latest updateMay 24

Description

When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDvideolan/vlc_media_player3.0.8

🔴Vulnerability Details

GHSA

GHSA-f24q-c9pm-2vq6: When executing VideoLAN VLC media player 3↗2022-05-24

▶

CVEList

CVE-2019-18278: When executing VideoLAN VLC media player 3↗2019-10-23

▶