Candidate: CVE-2018-11516
PublicDate: 2018-05-28 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11516
 http://code610.blogspot.com/2018/05/make-free-vlc.html
Description:
 The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN
 VLC media player 3.0.1 allows remote attackers to cause a denial of service
 (heap corruption and application crash) or possibly have unspecified other
 impact via a crafted .swf file.
Ubuntu-Description:
Notes:
 debian> Only affects 3.x
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_vlc:
upstream_vlc: released (3.0.2-1)
precise/esm_vlc: DNE
trusty_vlc: not-affected (code not present)
trusty/esm_vlc: DNE (trusty was not-affected [code not present])
xenial_vlc: not-affected (code not present)
artful_vlc: ignored (reached end-of-life)
bionic_vlc: not-affected (3.0.2-1)
cosmic_vlc: not-affected (3.0.2-1)
devel_vlc: not-affected (3.0.2-1)