CVE-2014-9629

Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:21

Type Values Removed Values Added
References () http://openwall.com/lists/oss-security/2015/01/20/5 - Mailing List, Third Party Advisory () http://openwall.com/lists/oss-security/2015/01/20/5 - Mailing List, Third Party Advisory
References () https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5 - Patch, Third Party Advisory () https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5 - Patch, Third Party Advisory
References () https://www.videolan.org/security/sa1501.html - Third Party Advisory, Vendor Advisory () https://www.videolan.org/security/sa1501.html - Third Party Advisory, Vendor Advisory

Information

Published : 2020-01-24 22:15

Updated : 2024-11-21 02:21


NVD link : CVE-2014-9629

Mitre link : CVE-2014-9629

CVE.ORG link : CVE-2014-9629


JSON object : View

Products Affected

videolan

  • vlc_media_player
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')