VideoLAN VLC media player 2.2.x is prone to a use-after-free vulnerability that an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial-of-service conditions.
See advisories in our WLB2 database:
VLC Media Player 2.2.8 MKV Use-After-Free
VLC Media Player MKV Use-After-Free
(Use After Free)
Vlc media player
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 184.108.40.206 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 220.127.116.11 has a use-after-free.
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 18.104.22.168 has a use-after-free.
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 22.214.171.124 via a crafted .mkv file.
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 126.96.36.199. As a result, an FPE can be triggered via a crafted WMV file.
In VideoLAN VLC media player 188.8.131.52, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
The Control function of demux/asf/asf.c in VideoLAN VLC media player 184.108.40.206 has a use-after-free.
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 220.127.116.11. As a result, an FPE can be triggered via a crafted CAF file.