CVE-2018-11529
HIGH
Debian Linux < 2.2.8 - Use After Free
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby, local, windows
https://www.exploit-db.com/exploits/45626
metasploit
WORKING POC
GREAT
by Eugene Ng - GovTech, Winston Ho - GovTech · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/vlc_mkv.rb
References (4)
Scores
CVSS v3
8.0
EPSS
0.7382
EPSS Percentile
98.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (2)
debian/debian_linux
9.0
videolan/vlc_media_player
< 2.2.8
Published
Jul 11, 2018
Tracked Since
Feb 18, 2026