CVE-2014-6440

moderate-risk
Published 2017-03-28

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

Do I need to act?

~
5.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Vlc

Affected Vendors

Videolan

References (10)

Exploit http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transco...
Patch http://seclists.org/oss-sec/2015/q1/751
Third Party Advisory http://www.securityfocus.com/bid/72950
Release Notes http://www.videolan.org/developers/vlc-branch/NEWS
Third Party Advisory https://security.gentoo.org/glsa/201603-08
Exploit http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transco...
Patch http://seclists.org/oss-sec/2015/q1/751
Third Party Advisory http://www.securityfocus.com/bid/72950
Release Notes http://www.videolan.org/developers/vlc-branch/NEWS
Third Party Advisory https://security.gentoo.org/glsa/201603-08
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal