ByteOS Network

NVD Vulnerability Details :

CVE-2018-11529

Analyzed

Source-cve@mitre.org

Published At-11 Jul, 2018 | 16:29

Updated At-21 Mar, 2019 | 20:10

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.0	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

VideoLAN

>>vlc_media_player>>Versions up to 2.2.8(inclusive)

cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-416	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://seclists.org/fulldisclosure/2018/Jul/28	cve@mitre.org	Exploit Mailing List Third Party Advisory
http://www.securitytracker.com/id/1041311	cve@mitre.org	Third Party Advisory VDB Entry
https://www.debian.org/security/2018/dsa-4251	cve@mitre.org	Third Party Advisory
https://www.exploit-db.com/exploits/45626/	cve@mitre.org	Exploit Third Party Advisory VDB Entry

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History