CVE-2018-19857

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
Configurations

Configuration 1

cpe:2.3:a:videolan:vlc_media_player:3.0.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2018-12-05 11:29

Updated : 2019-07-25 05:15


NVD link : CVE-2018-19857

Mitre link : CVE-2018-19857

Products Affected
No products.
CWE
CWE-824

Access of Uninitialized Pointer