CyberSec.Space Logo
Back to CVE Browser

CVE-2014-6440

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile27.22th
PublishedMar 28, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

Affected Platforms (CPE)

πŸ“¦
Videolan

Vlc

<= 2.1.4

References & Advisories

πŸ”— http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/
πŸ”— http://seclists.org/oss-sec/2015/q1/751
πŸ”— http://www.securityfocus.com/bid/72950
πŸ”— http://www.videolan.org/developers/vlc-branch/NEWS
πŸ”— https://security.gentoo.org/glsa/201603-08
πŸ”— http://billblough.net/blog/2015/03/04/cve-2014-6440-heap-overflow-in-vlc-transcode-module/
πŸ”— http://seclists.org/oss-sec/2015/q1/751
πŸ”— http://www.securityfocus.com/bid/72950

Related Vulnerabilities

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2019-139629.8

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read bec...

CVE-2019-128749.8

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The...

CVE-2016-51089.8

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote ...