CVE-2018-11516
Description
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: =3.0.1
Patches
Vulnerability mechanics
Root cause
"A heap use-after-free vulnerability exists in the SWF demuxer."
Attack vector
A remote attacker can craft a malicious SWF file. When this file is opened by a user with an affected version of VLC media player, it triggers a heap use-after-free vulnerability in the Demux() function. This can lead to a denial of service through application crash or potentially arbitrary code execution [ref_id=1].
Affected code
The vulnerability lies within the Demux() function in the SWF demuxer, located in demux/avformat/demux.c. The advisory also mentions the vlc_demux_chained_Delete function in input/demux_chained.c as being involved [ref_id=1].
What the fix does
VLC media player version 3.0.2 addresses the heap use-after-free issue in the SWF demuxer. The advisory does not provide specific details on the code changes, but updating to version 3.0.2 resolves the vulnerability [ref_id=1].
Preconditions
- input: The user must open a specially crafted SWF file or stream.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- code610.blogspot.com/2018/05/make-free-vlc.html (mitre, x_refsource_MISC)
- www.securityfocus.com/bid/104293 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1041312 (mitre, vdb-entry, x_refsource_SECTRACK)
- www.videolan.org/security/sa1801.html (mitre, x_refsource_CONFIRM)