Vulnerability Details CVE-2018-19937
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.9%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 4.6
References
- https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f
- https://itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8
- https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f
- https://itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8
Products affected by CVE-2018-19937
-
cpe:2.3:a:videolan:vlc_for_mobile:2.7.8
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.0
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.1
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.2
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.3
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.4
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.5
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.6
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.7
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.8
-
cpe:2.3:a:videolan:vlc_for_mobile:2.8.9
-
cpe:2.3:a:videolan:vlc_for_mobile:2.9.0
-
cpe:2.3:a:videolan:vlc_for_mobile:3.0.0
-
cpe:2.3:a:videolan:vlc_for_mobile:3.0.1
-
cpe:2.3:a:videolan:vlc_for_mobile:3.0.2
-
cpe:2.3:a:videolan:vlc_for_mobile:3.0.3
-
cpe:2.3:a:videolan:vlc_for_mobile:3.1.0
-
cpe:2.3:a:videolan:vlc_for_mobile:3.1.1
-
cpe:2.3:a:videolan:vlc_for_mobile:3.1.2
-
cpe:2.3:a:videolan:vlc_for_mobile:3.1.3
-
cpe:2.3:a:videolan:vlc_for_mobile:3.1.4