Uninitialized Pointer Read Vulnerability in VLC Media Player 3.0.4

CVE-2018-19857 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
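The bug class described above, as an added C example that is not VLC's code: a length check that casts a signed return value to `unsigned int`, next to a check that tests for the error value first. The helper `read_stub()`, the two check functions and the sample buffer are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>   /* ssize_t */

/* Hypothetical stand-in for a stream read: on success it sets *out and returns
 * the byte count; on failure it returns -1 and leaves *out untouched. */
static ssize_t read_stub(const uint8_t *buf, size_t len, const uint8_t **out, int fail)
{
    if (fail)
        return -1;
    *out = buf;
    return (ssize_t)len;
}

/* Flawed check: the cast turns -1 into UINT_MAX, so the "too short" test is
 * false on error. Returns 1 when the caller would go on to use the pointer. */
static int accepts_flawed(ssize_t got, uint64_t want)
{
    return !((unsigned int)got < want);
}

/* Hardened check: reject the error value before any unsigned comparison. */
static int accepts_fixed(ssize_t got, uint64_t want)
{
    return !(got < 0 || (uint64_t)got < want);
}

/* Returns 1 when the pointer would be used although it was never set. NULL
 * marks "never set" here so the example has defined behaviour; with a truly
 * uninitialized local the value would be indeterminate. */
static int uses_unset_pointer(int (*accepts)(ssize_t, uint64_t), int fail)
{
    static const uint8_t cookie[8] = {0};   /* constructed sample data */
    const uint8_t *p = NULL;
    ssize_t got = read_stub(cookie, sizeof cookie, &p, fail);
    return accepts(got, sizeof cookie) && p == NULL;
}

int main(void)
{
    printf("flawed check, failed read: %d\n", uses_unset_pointer(accepts_flawed, 1));
    printf("fixed check,  failed read: %d\n", uses_unset_pointer(accepts_fixed, 1));
    return 0;
}
```

Compilers can flag this pattern: `-Wsign-compare` and `-Wsign-conversion` report mixed signed/unsigned comparisons and implicit conversions, although an explicit cast like the one above silences them, which is why the error value should be tested before any cast.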