CVE-2018-11529

HIGH

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

CVSS v3.1 Score

8.0
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 7/11/2018Modified: 11/21/2024

Related Intelligence (1)

CRITICALSupply Chain

ABB Ability Camera Connect

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-146-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 and below. An update is available

CVE-2024-46461CVE-2023-47360
CISA Advisories

References (8)

http://seclists.org/fulldisclosure/2018/Jul/28ExploitMailing Listhttp://www.securitytracker.com/id/1041311Third Party AdvisoryVDB Entryhttps://www.debian.org/security/2018/dsa-4251Third Party Advisoryhttps://www.exploit-db.com/exploits/45626/ExploitThird Party Advisoryhttp://seclists.org/fulldisclosure/2018/Jul/28ExploitMailing Listhttp://www.securitytracker.com/id/1041311Third Party AdvisoryVDB Entryhttps://www.debian.org/security/2018/dsa-4251Third Party Advisoryhttps://www.exploit-db.com/exploits/45626/ExploitThird Party Advisory