FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- Use after free vulnerability

Affected packages
vlc <= 2.2.8_6,4
vlc-qt4 <= 2.2.8_6,4

Details

VuXML ID dc57ad48-ecbb-439b-a4d0-5869be47684e
Discovery 2018-06-06
Entry 2018-07-21

Mitre reports:

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

References

CVE Name CVE-2018-11529
URL http://seclists.org/fulldisclosure/2018/Jul/28
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
URL https://github.com/rapid7/metasploit-framework/pull/10335
URL https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
URL https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42