PT-2018-10632 · Videolan+1 · Vlc Media Player+1

Code16 · Published 2018-02-10 · Updated 2023-03-03 · CVE-2018-11516

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VideoLAN VLC media player version 3.0.1

Description

The issue allows remote attackers to cause a denial of service, resulting in heap corruption and application crash, or possibly have other unspecified impacts. This can be achieved via a crafted .swf file. The vlc_demux_chained_Delete function in input/demux_chained.c is the vulnerable component.

Recommendations

For VideoLAN VLC media player version 3.0.1, consider disabling the vlc_demux_chained_Delete function as a temporary workaround until a patch is available. Restrict access to handling .swf files to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1168
ALT-PU-2018-1930
CVE-2018-11516

Affected Products

Alt Linux
Vlc Media Player