Description
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
Exploits (1)
References (4)
Core 4
Core References
Patch x_refsource_confirm
http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404
Exploit x_refsource_confirm
https://trac.videolan.org/vlc/ticket/10482
Exploit x_refsource_misc
http://www.elsherei.com/?p=269
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-08
Scores
EPSS
0.1275
EPSS Percentile
94.0%
Details
CWE
CWE-189
Status
published
Products (37)
videolan/vlc_media_player
1.0.0
videolan/vlc_media_player
1.0.1
videolan/vlc_media_player
1.0.2
videolan/vlc_media_player
1.0.3
videolan/vlc_media_player
1.0.4
videolan/vlc_media_player
1.0.5
videolan/vlc_media_player
1.0.6
videolan/vlc_media_player
1.1.0
videolan/vlc_media_player
1.1.1
videolan/vlc_media_player
1.1.2
... and 27 more
Published
Mar 03, 2014
Tracked Since
Feb 18, 2026