Candidate: CVE-2018-11529
PublicDate: 2018-07-11 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
 http://seclists.org/fulldisclosure/2018/Jul/28
Description:
 VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability
 which an attacker can leverage to execute arbitrary code via crafted MKV
 files. Failed exploit attempts will likely result in denial of service
 conditions.
Ubuntu-Description:
 It was discovered that VLC mishandled certain crafted MKV files. An attacker
 could use this vulnerability to cause a denial of service (crash) or possibly
 execute arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.0 HIGH]


Patches_vlc:
upstream_vlc: released (3.0.3-1-1)
precise/esm_vlc: DNE
trusty_vlc: ignored (reached end-of-life)
trusty/esm_vlc: DNE (trusty was needed)
xenial_vlc: ignored (end of standard support, was needed)
artful_vlc: ignored (reached end-of-life)
bionic_vlc: not-affected (3.0.3-1-1ubuntu1)
cosmic_vlc: not-affected (3.0.3-1-1ubuntu1)
disco_vlc: not-affected (3.0.3-1-1ubuntu1)
eoan_vlc: not-affected (3.0.3-1-1ubuntu1)
focal_vlc: not-affected (3.0.3-1-1ubuntu1)
groovy_vlc: not-affected (3.0.3-1-1ubuntu1)
hirsute_vlc: not-affected (3.0.3-1-1ubuntu1)
impish_vlc: not-affected (3.0.3-1-1ubuntu1)
jammy_vlc: not-affected (3.0.3-1-1ubuntu1)
devel_vlc: not-affected (3.0.3-1-1ubuntu1)