What is CVE-2019-14533?

CVE-2019-14533 is a high-severity software vulnerability (Use-after-free) with a CVSS score of 7.8. The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Is CVE-2019-14533 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

What products does CVE-2019-14533 affect?

Tracked products affected include VLC media player. Check the version you run to see whether it is affected.

How do I fix CVE-2019-14533?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2019-14533

HIGH severity · CVSS 7.8 · Use-after-free

7.8CVSS HIGH

Summary

The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredNone

User interactionRequired

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)1%

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products we track (1)

VLC media player

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019 ↗

Additional information

NVD record
http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019Patch
https://www.videolan.org/security/sb-vlc308.htmlPatch
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html
https://seclists.org/bugtraq/2019/Aug/36Advisory
https://security.gentoo.org/glsa/201909-02
https://usn.ubuntu.com/4131-1/
https://www.debian.org/security/2019/dsa-4504Advisory