CVE-2013-1868
vlc - security update
EPSS 50.7%
Description
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
How to fix CVE-2013-1868
To remediate CVE-2013-1868, upgrade the affected package to a fixed version below.
- Debian/vlc: upgrade to 2.0.5-1 or later
- Debian/vlc: upgrade to 2.0.3-5+deb7u1 or later
Is CVE-2013-1868 being exploited?
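Likely. The EPSS score is 50.7%, placing CVE-2013-1868 in the top tier of vulnerabilities by exploitation probability. EPSS is a modelled estimate of the chance of exploitation activity in the next 30 days, not a record of observed attacks. Prioritise patching.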
Affected packages (2)
- Debian/vlc: from 0, < 2.0.5-1
- Debian/vlc: from 0, < 2.0.3-5+deb7u1