Videolan: >> Vlc Media Player >> 3.0.4 Security Vulnerabilities
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
CVSS Score
9.8
EPSS Score
0.025
Published
2019-06-18
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVSS Score
6.5
EPSS Score
0.158
Published
2019-06-13
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
CVSS Score
9.1
EPSS Score
0.015
Published
2018-12-05
Page 2