CVE-2018-11529

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via…

mitre·CWE-416·Published 2018-07-11

CVSS

—

EPSS

0.39

KEV

Exploits

Vendor statements (1)

debian.org

cve.orgen

230 chars

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

NVDes

329 chars

VideoLAN VLC media player en versiones 2.2.x es propenso a una vulnerabilidad de uso de memoria previamente liberada, que podría ser aprovechada por un atacante para ejecutar código arbitrario mediante archivos MKV manipulados. Los intentos de explotación fallidos podrían resultar en condiciones de denegación de servicio (DoS).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	8.0	2.1	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H