CVE-2018-11516 - Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | VLC_3_0_2.NASL |
description | The version of VLC media player installed on the remote host is earlier than 3.0.2. It is, therefore, affected by a heap use-after-free vulnerability which could result in a remote code execution. |
last seen | 2020-04-30 |
modified | 2018-08-03 |
plugin id | 111518 |
published | 2018-08-03 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/111518 |
title | VLC 3.0.x < 3.0.2 Heap Use-After-Free / Remote Code Execution Vulnerability |
References
- http://code610.blogspot.com/2018/05/make-free-vlc.html
- http://www.securityfocus.com/bid/104293
- http://www.securitytracker.com/id/1041312
- http://www.videolan.org/security/sa1801.html