CVE-2014-9628 in VLC Media Playerinfo

Summary

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/20/2015

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-119

CVSS

7.5

EPSS

0.01634

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-9628
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-9628
CVE Details	https://www.cvedetails.com/cve/CVE-2014-9628/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!