Security Advisory

CVE-2014-9625

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-24 21:57:29

Last updated 2024-08-06 13:47:41

Assigner mitre

State PUBLISHED

Description

The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.

← Browse all CVEs View on cve.org ↗