Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2019-14438

Published: 29/08/2019 Updated: 18/08/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Vlc Media Player

Vulnerability Summary

A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote malicious users to trigger a heap-based buffer over-read via a crafted .ogg file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

videolan vlc media player 3.0.7.1

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Ubuntu Security Notice: vlc vulnerabilities
Several security issues were fixed in VLC ...
Debian Security Advisories: DSA-4504-1 vlc -- security update
Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed For the oldstable distribution (stretch), these problems have been fixed in version 308-0+deb9u1 For the stable distribution (buster), these problems have been fixed ...

Recent Articles

Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC
The Register • Shaun Nichols in San Francisco • 21 Aug 2019

Keep your media player, like other apps, up to date: 13 security flaws fixed Dodgy vids can hijack PCs via VLC security flaw, US, Germany warn. Software's makers not app-y with that claim

VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software. The VLC update includes patches to clear up flaws that range in impact from denial of service (read: application crashes) to remote code execution (i.e. malware installation). Users and admins can get fixes for all of the vulnerabilities by updating VLC to version 3.0.8 or later. So far, no attacks exploiting these holes have been reported in the wild. "While th...

Read more...

References

CWE-125https://www.videolan.org/security/sb-vlc308.htmlhttps://seclists.org/bugtraq/2019/Aug/36http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019https://www.debian.org/security/2019/dsa-4504https://security.gentoo.org/glsa/201909-02https://usn.ubuntu.com/4131-1/http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.htmlhttps://usn.ubuntu.com/4131-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook