CVE Vulnerabilities

CVE-2014-9627

Incorrect Type Conversion or Cast

Published: Jan 24, 2020 | Modified: Jan 29, 2020
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size.

Weakness

The product does not correctly convert an object, resource, or structure from one type to a different type.

Affected Software

Name Vendor Start Version End Version
Vlc_media_player Videolan * 2.1.6 (excluding)
Vlc Ubuntu lucid *
Vlc Ubuntu precise *
Vlc Ubuntu trusty *
Vlc Ubuntu upstream *
Vlc Ubuntu utopic *

References