Home

CVE-2019-14535

Description

A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.265

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 3.0.7.1Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 3.0.7.1Windows
vlc security update(DSA-4504-1) vlc_3.0.8-0+deb9u1_i386.debLinux
vlc security update(DSA-4504-1) vlc_3.0.8-0+deb9u1_amd64.debLinux
vlc security update(DSA-4504-1) vlc_3.0.8-0+deb10u1_amd64.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu18.04.1_i386.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu18.04.1_amd64.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu19.04.1_i386.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu19.04.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234