VideoLAN VLC Media Player 3.0.7.1 WMV File demux/asf/asf.c SeekIndex denial of service – Digitalmunition




Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on August 30th, 2019 📆 | 4764 Views ⚑

0

VideoLAN VLC Media Player 3.0.7.1 WMV File demux/asf/asf.c SeekIndex denial of service

CVSS Meta Temp ScoreCurrent Exploit Price (≈)
4.1$0-$5k

A vulnerability was found in VideoLAN VLC Media Player 3.0.7.1 (Multimedia Player Software) and classified as problematic. Affected by this issue is the function SeekIndex of the file demux/asf/asf.c of the component WMV File Handler. The manipulation with an unknown input leads to a denial of service vulnerability (Divide-by-Zero). Using CWE to declare the problem leads to CWE-369. Impacted is availability.

The weakness was published 08/29/2019 as mailinglist post (Bugtraq). The advisory is shared for download at seclists.org. This vulnerability is handled as CVE-2019-14535 since 08/02/2019. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.videolan.org.

Similar entries are available at 141075, 141076, 141077 and 141078.

Type

Vendor

Name

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.1

VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍

AVACAuCIA
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock


VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Denial of service / Divide-by-Zero (CWE-369)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Patch
Status: 🔍

0-Day Time: 🔒

Patch: git.videolan.org

08/02/2019 CVE assigned
08/29/2019 +27 days Advisory disclosed
08/30/2019 +1 days VulDB entry created
08/30/2019 +0 days VulDB last updateVendor: videolan.org

Advisory: seclists.org
Confirmation: 🔒

CVE: CVE-2019-14535 (🔒)
See also: 🔒

Created: 08/30/2019 07:06 AM
Complete: 🔍

Comments

No comments yet. Please log in to comment.

Use the official API to access entries easily!

https://vuldb.com/?id.141080

Tagged with:



Leave a Reply