CVE-2015-5949

VideoLAN VLC media player <2.2.1 - RCE/DoS

Title source: llm
STIX 2.1

Description

VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3342
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201603-08
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/20/8
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536287/100/0/threaded
US Government Resource x_refsource_misc
https://www.ocert.org/advisories/ocert-2015-009.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/20/3

Scores

EPSS 0.1334
EPSS Percentile 95.9%

Details

CWE
CWE-119
Status published
Products (1)
videolan/vlc_media_player < 2.2.1
Published Aug 25, 2015
Tracked Since Feb 18, 2026