Commit 83b90983 authored by Hugo Beauzée-Luyssen


parent bdbdde40
......@@ -16,6 +16,14 @@ for underlying third party libraries.
Please refer to the concerned third parties as appropriate.
<dd>Heap use after free in avformat demuxer
<a href="sa1801.html">Details</a>
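Review bot: The index entry "Heap use after free in avformat demuxer" carries neither the advisory ID nor the CVE, and its wording differs from the advisory's own summary ("Heap use after free during SWF file playback"). Consider aligning the two descriptions and adding VideoLAN-SA-1801 / CVE-2018-11516 to the entry so readers scanning the list can match it to the advisory without following the link.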
$title = "VideoLAN Security Advisory 1801";
$lang = "en";
$menu = array( "vlc" );
$body_color = "red";
<div id="fullwidth">
<h1>Security Advisory 1801</h1>
Summary : Heap use after free during SWF file playback
Date : July 2018
Affected versions : VLC media player 3.0.0 and 3.0.1
ID : VideoLAN-SA-1801
CVE reference : CVE-2018-11516
<p>A remote user can create a specially crafted swf file that, when loaded by the target user, will trigger a heap use after free in Demux() (demux/avformat/demux.c)</p>
<p>If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.</p>
<h2>Threat mitigation</h2>
<p>Exploitation of those issues requires the user to explicitly open a specially crafted file or stream.</p>
<p>ASLR and DEP help reduce exposure, but may be bypassed.</p>
<p>The user should refrain from opening files from untrusted third parties
or accessing untrusted remote sites (or disable the VLC browser plugins),
until the patch is applied.
<p>VLC media player <b>3.0.2</b> addresses the issue.
<dt>The VideoLAN project</dt>
<dd><a href="//"></a>
<dt>VLC official GIT repository</dt>
<dd><a href=""></a>
<?php footer('$Id$'); ?>
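Review bot: "arbitratry" in the impact paragraph is misspelled; "an arbitratry code execution" should read "arbitrary code execution". In the mitigation section, "Exploitation of those issues" refers to a single issue, so "this issue" would match the summary. The paragraph starting "The user should refrain" and the one announcing 3.0.2 open with <p> but show no closing </p>. The two <a> elements under "The VideoLAN project" and "VLC official GIT repository" appear here with an href of "//" and "" and no link text, so it is worth confirming that the URLs are present in the committed file.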