Vulnerability Description
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 9.0 |
| Videolan | Vlc Media Player | <= 2.2.8 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Jul/28ExploitMailing ListThird Party Advisory
- http://www.securitytracker.com/id/1041311Third Party AdvisoryVDB Entry
- https://www.debian.org/security/2018/dsa-4251Third Party Advisory
- https://www.exploit-db.com/exploits/45626/ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Jul/28ExploitMailing ListThird Party Advisory
- http://www.securitytracker.com/id/1041311Third Party AdvisoryVDB Entry
- https://www.debian.org/security/2018/dsa-4251Third Party Advisory
- https://www.exploit-db.com/exploits/45626/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-11529?
CVE-2018-11529 is a vulnerability with a CVSS score of 8.0 (HIGH). VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in...
How severe is CVE-2018-11529?
CVE-2018-11529 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11529?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Videolan Vlc Media Player.