CVE-2014-9626
First published: Fri Jan 24 2020(Updated: )
Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Videolan Vlc Media Player | <2.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2014-9626?
CVE-2014-9626 is a vulnerability in VideoLAN VLC media player before version 2.1.6 that allows remote attackers to cause a denial of service or possibly have other unspecified impact via a box size less than 7.
How severe is CVE-2014-9626?
CVE-2014-9626 has a severity rating of 7.8, which is considered high.
How can I fix CVE-2014-9626?
To fix CVE-2014-9626, upgrade VideoLAN VLC media player to version 2.1.6 or higher.
Where can I find more information about CVE-2014-9626?
You can find more information about CVE-2014-9626 at the following references: [1] http://openwall.com/lists/oss-security/2015/01/20/5 [2] https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 [3] https://www.videolan.org/security/sa1501.html
What is the CWE ID for CVE-2014-9626?
The CWE ID for CVE-2014-9626 is 191.
- collector/nvd-index
- vendor/videolan
- product/vlc media player
- canonical/videolan vlc media player