First published: Fri Jan 24 2020
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
VideoLAN VLC Media Player | <2.1.6 | |
CVE-2014-9630 is a vulnerability in VideoLAN VLC media player before 2.1.6 that allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified impact.
CVE-2014-9630 has a severity rating of 7.8, which is considered high.
To fix CVE-2014-9630, it is recommended to update VideoLAN VLC media player to version 2.1.6 or later.
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) is the weakness class for memory corruption of this kind.
More information about CVE-2014-9630 can be found at the following references: [1](http://openwall.com/lists/oss-security/2015/01/20/5), [2](https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97), [3](https://www.videolan.org/security/sa1501.html).
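
The bug class described above, a stack allocation sized by input data, is shown here next to a bounded heap allocation. This is an added illustration, not VLC's code or the upstream patch; the `configuration=...;` input layout, the function names and the `MAX_FIELD_LEN` cap are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_FIELD_LEN 4096 /* assumed cap for this sketch, not a VLC value */

/* Locate the value of "configuration=" up to the next ';' (constructed format). */
static int find_field(const char *in, const char **start, size_t *len)
{
    static const char key[] = "configuration=";
    const char *s = strstr(in, key);
    if (s == NULL) return -1;
    s += sizeof(key) - 1;
    const char *e = strchr(s, ';');
    if (e == NULL) return -1;
    *start = s;
    *len = (size_t)(e - s);
    return 0;
}

/* Before: stack buffer sized by the input; a very long field can crash or corrupt memory. */
static long copy_field_stack(const char *in)
{
    const char *s; size_t len;
    if (find_field(in, &s, &len) != 0) return -1;
    char buf[len + 1];               /* size chosen by untrusted data */
    memcpy(buf, s, len);
    buf[len] = '\0';
    return (long)strlen(buf);
}

/* After: reject oversized fields, allocate on the heap, check the result. */
static char *copy_field_heap(const char *in)
{
    const char *s; size_t len;
    if (find_field(in, &s, &len) != 0 || len > MAX_FIELD_LEN) return NULL;
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, s, len);
    buf[len] = '\0';
    return buf;                      /* caller frees */
}

int main(void)
{
    const char *sample = "a=1; configuration=AAAB;"; /* constructed input */
    char *v = copy_field_heap(sample);
    printf("stack=%ld heap=%s\n", copy_field_stack(sample), v ? v : "(rejected)");
    free(v);
}
```

Building with `-Wvla` flags the variable-length array in the first function at compile time, which is a cheap way to find this pattern in a code base.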