Search for vulnerabilities
Vulnerability details: VCID-xv7m-w469-aaac
Vulnerability ID VCID-xv7m-w469-aaac
Aliases CVE-2018-11529
Summary VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11529.html
epss 0.74419 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.74516 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.74516 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.74516 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.74516 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75018 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.75266 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.80373 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.84976 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.85119 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.85119 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
epss 0.85119 https://api.first.org/data/v1/epss?cve=CVE-2018-11529
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
generic_textual Medium http://seclists.org/fulldisclosure/2018/Jul/28
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2018-11529
cvssv3 8.0 https://nvd.nist.gov/vuln/detail/CVE-2018-11529
archlinux High https://security.archlinux.org/AVG-755
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-11529.html
https://api.first.org/data/v1/epss?cve=CVE-2018-11529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
http://seclists.org/fulldisclosure/2018/Jul/28
https://www.debian.org/security/2018/dsa-4251
https://www.exploit-db.com/exploits/45626/
http://www.securitytracker.com/id/1041311
AVG-755 https://security.archlinux.org/AVG-755
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2018-11529 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/45626.rb
CVE-2018-11529 https://nvd.nist.gov/vuln/detail/CVE-2018-11529
CVE-2018-11529 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/fb689da24c9de2ccda6707c6cfe0d053a4844dfd/modules/exploits/windows/fileformat/vlc_mkv.rb
USN-USN-4805-1 https://usn.ubuntu.com/USN-4805-1/
Data source Exploit-DB
Date added Oct. 16, 2018
Description VLC Media Player - MKV Use-After-Free (Metasploit)
Ransomware campaign use Known
Source publication date Oct. 16, 2018
Exploit type local
Platform windows
Source update date Oct. 18, 2018
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/fb689da24c9de2ccda6707c6cfe0d053a4844dfd/modules/exploits/windows/fileformat/vlc_mkv.rb
Data source Metasploit
Description This module exploits a use after free vulnerability in VideoLAN VLC =< 2.2.8. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main vulnerability and heap spray, the second .mkv file is required in order to take the vulnerable code path and should be placed under the same directory as the .mkv file. This module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads if used can cause the application to crash instead.
Note 
{}
Ransomware campaign use Unknown
Source publication date May 24, 2018
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/fileformat/vlc_mkv.rb
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11529
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-11529
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98756
EPSS Score 0.74419
Published At April 27, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.