CVE-2018-11529
vlc - security update
8.0 HIGH (CVSS 3.1), EPSS 73.8%
Description
VideoLAN VLC media player 2.2.x is prone to a use-after-free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
How to fix CVE-2018-11529
To remediate CVE-2018-11529, upgrade the affected package to one of the fixed versions listed below.
- Debian/vlc—upgrade to 3.0.3-1-1 or later
- —upgrade to 3.0.3-1-0+deb9u1 or later
Is CVE-2018-11529 being exploited?
Likely — EPSS is 73.8%, placing CVE-2018-11529 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 3.0.3-1-1
- from 0, < 3.0.3-1-0+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |