Bugzilla – Bug 1100966
VUL-0: CVE-2018-11529: vlc: use after free vulnerability via crafted MKV files
Last modified: 2019-07-11 12:52:52 UTC
CVE-2018-11529 VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11529 http://www.cvedetails.com/cve/CVE-2018-11529/ http://seclists.org/fulldisclosure/2018/Jul/28
This is automated batch bugzilla cleanup. The openSUSE 42.3 changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of openSUSE (At this moment openSUSE Leap 15.1, 15.0 and Tumbleweed) please feel free to reopen this bug against that version (!you must update the "Version" component in the bug fields, do not just reopen please), or alternatively create a new ticket. Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release. [1] https://en.opensuse.org/Lifetime
15.0 and later have vlc 3 -> ok