CVE-2019-5460

moderate-risk
Published 2019-07-30

Double Free in VLC versions <= 3.0.6 leads to a crash.

Do I need to act?

-
0.93% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (5)

Affected Vendors

Videolan Opensuse

References (10)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
Exploit https://hackerone.com/reports/503208
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
Exploit https://hackerone.com/reports/503208
33
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 3/34 · Minimal
Exposure 12/34 · Low