CVE-2018-19937

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
Configurations

Configuration 1 (hide)

cpe:2.3:a:videolan:vlc_for_mobile:*:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 03:58

Type Values Removed Values Added
References () https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f - Patch, Third Party Advisory () https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f - Patch, Third Party Advisory
References () https://itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8 - Product, Third Party Advisory () https://itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8 - Product, Third Party Advisory

Information

Published : 2018-12-31 16:29

Updated : 2024-11-21 03:58


NVD link : CVE-2018-19937

Mitre link : CVE-2018-19937

CVE.ORG link : CVE-2018-19937


JSON object : View

Products Affected

videolan

  • vlc_for_mobile
CWE
CWE-287

Improper Authentication