FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- Use after free vulnerability

Affected packages
vlc <= 2.2.8_6,4
vlc-qt4 <= 2.2.8_6,4

Details

VuXML ID dc57ad48-ecbb-439b-a4d0-5869be47684e
Discovery 2018-06-06
Entry 2018-07-21

Mitre reports:

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

[source]

References

CVE Name CVE-2018-11529
URL http://seclists.org/fulldisclosure/2018/Jul/28
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
URL https://github.com/rapid7/metasploit-framework/pull/10335
URL https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
URL https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.