What is CVE-2018-11529?

CVE-2018-11529 is a vulnerability in N/a. Published 2018-07-11.

Is CVE-2018-11529 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-11529

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.

EPSS: 0.738 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

1041311 (vdb-entry, x_refsource_SECTRACK)
20180710 VLC media player 2.2.8 Arbitrary Code Execution PoC (mailing-list, x_refsource_FULLDISC)
45626 (exploit, x_refsource_EXPLOIT-DB)
DSA-4251 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2018-11529?: CVE-2018-11529 is a vulnerability in N/a. Published 2018-07-11.
Is CVE-2018-11529 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.