PT-2018-10632 · Videolan+1 · Vlc Media Player+1
Code16
·
Publicado
2018-02-10
·
Atualizado
2023-03-03
·
CVE-2018-11516
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VideoLAN VLC media player version 3.0.1
Description
The issue allows remote attackers to cause a denial of service, resulting in heap corruption and application crash, or possibly have other unspecified impacts. This can be achieved via a crafted .swf file. The
vlc demux chained Delete function in input/demux chained.c is the vulnerable component.Recommendations
For VideoLAN VLC media player version 3.0.1, consider disabling the
vlc demux chained Delete function as a temporary workaround until a patch is available. Restrict access to handling .swf files to minimize the risk of exploitation.Exploit
Correção
DoS
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Vlc Media Player