CVE-2014-9625

The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*

Information

Published : 2020-01-24 14:15

Updated : 2020-01-29 08:46


NVD link : CVE-2014-9625

Mitre link : CVE-2014-9625


JSON object : View

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

dedicated server usa

Products Affected

videolan

  • vlc_media_player