CVE-2014-9629

Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value.

Published: Jan 24, 2020
Updated: Apr 13, 2023
CVE: CVE-2014-9629
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
videolan / vlc_media_player	-	2.1.6
videolan / vlc_media_player	2.2.0	2.2.1

http://openwall.com/lists/oss-security/2015/01/20/5
https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
https://www.videolan.org/security/sa1501.html

Vulnerability Database

289,784

CVE-2014-9629