CVE-2014-9628
Published
CVSS v3
7.8
HIGH
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
VLC media player - plays everything, runs anywhere. Code here: https://code.videolan.org/videolan/vlc
GitHub