Home

CVE-2019-14778

Description

The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.298

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 3.0.7.1Windows
Multiple Vulnerabilities are affected in VLC media player (MSI) 3.0.7.1Windows
vlc security update(DSA-4504-1) vlc_3.0.8-0+deb9u1_i386.debLinux
vlc security update(DSA-4504-1) vlc_3.0.8-0+deb9u1_amd64.debLinux
vlc security update(DSA-4504-1) vlc_3.0.8-0+deb10u1_amd64.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu18.04.1_i386.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu18.04.1_amd64.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu19.04.1_i386.debLinux
multimedia player and streamer (USN-4131-1) vlc_3.0.8-0ubuntu19.04.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-334048VLC media player (MSI) (x64) (3.0.20.0)
PATCH-334050VLC media player (MSI) (3.0.20.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234