[email protected]CVE-2015-5949

HistoryAug 25, 2015 - 5:59 p.m.

CVE-2015-5949

2015-08-2517:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-5949

videolan

vlc media player

denial of service

arbitrary code execution

3gp file

nvd

9.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.192 Low

EPSS

Percentile

96.2%

JSON

VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

CPENameOperatorVersion
videolan:vlc_media_playervideolan vlc media playerle2.2.1

CPE	Name	Operator	Version
videolan:vlc_media_player	videolan vlc media player	le	2.2.1

References

lists.opensuse.org/opensuse-security-announce/2016-02/msg00040.html

packetstormsecurity.com/files/133266/VLC-2.2.1-Arbitrary-Pointer-Dereference.html

www.debian.org/security/2015/dsa-3342

www.openwall.com/lists/oss-security/2015/08/20/3

www.openwall.com/lists/oss-security/2015/08/20/8

www.securityfocus.com/archive/1/536287/100/0/threaded

git.videolan.org/?p=vlc/vlc-2.2.git%3Ba=commitdiff%3Bh=ce91452460a75d7424b165c4dc8db98114c3cbd9%3Bhp=9e12195d3e4316278af1fa4bcb6a705ff27456fd

security.gentoo.org/glsa/201603-08

www.ocert.org/advisories/ocert-2015-009.html

9.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.192 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2015-5949

nessus5 openvas9 suse1 freebsd1 securityvulns2 debian1 mageia2 prion1 ubuntucve1 debiancve1 gentoo1