ID CVE-2018-19857
Summary The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
References
Vulnerable Configurations
  • VideoLAN VLC Media Player 3.0.4
    cpe:2.3:a:videolan:vlc_media_player:3.0.4
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 6.4
Impact:
Exploitability:
CWE CWE-824
CAPEC
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-4366.NASL
description An integer underflow was discovered in the CAF demuxer of the VLC media player.
last seen 2019-02-21
modified 2019-01-14
plugin id 121135
published 2019-01-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=121135
title Debian DSA-4366-1 : vlc - security update
refmap via4
bid 106130
debian DSA-4366
misc
Last major update 05-12-2018 - 06:29
Published 05-12-2018 - 06:29
Last modified 21-03-2019 - 14:23