CVE-2014-6440

9.8 CRITICAL

📋 TL;DR

CVE-2014-6440 is a heap-based buffer overflow in the transcode module of VideoLAN VLC media player before 2.1.5. A remote attacker who can get a user to process a specially crafted media file with VLC can crash the player (denial of service) or execute arbitrary code with that user's privileges. Every installation running a vulnerable version is affected.

💻 Affected Systems

Products:
  • VideoLAN VLC media player
Versions: All versions before 2.1.5
Operating Systems: Windows, Linux, macOS, BSD, Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: The transcode module is VLC's stream-output transcoding plugin (modules/stream_out/transcode). It ships enabled in every default build, which is why the default configuration is marked vulnerable, but it is loaded when VLC converts or streams media (Media > Convert/Save, or --sout with a transcode{...} chain), not during ordinary playback. Exploitation requires user interaction: the victim has to feed an attacker-controlled media file through VLC.

📦 What is this software?

VLC media player is the VideoLAN project's free, open-source, cross-platform media player and streaming/transcoding framework. Its functionality is split into loadable plugins (demuxers, codecs, stream outputs); the transcode module is one of those plugins.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Code execution as the user who ran VLC. If that account has administrative rights this is full system compromise: malware installation, data theft, persistent backdoors.

🟠 Likely Case

Application crash (denial of service), or code execution limited to the privileges of the current user.

🟢 If Mitigated

No impact once 2.1.5 or later is installed, or if the vulnerable version is never used to transcode or stream untrusted media.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploit requires user to open malicious media file. Public proof-of-concept code exists demonstrating the heap overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.5 and later

Vendor Advisory: http://www.videolan.org/developers/vlc-branch/NEWS

Restart Required: Yes (restart VLC; no operating-system reboot is needed)

Instructions:

1. Close every running VLC instance so the installer can replace the plugin files.
2. Windows/macOS: download VLC 2.1.5 or later from videolan.org and install it over the existing version.
3. Linux/BSD: update through the distribution's package manager. Distributions may backport the fix under their own version number, so go by the distribution advisory rather than the upstream 2.1.5 number alone.
4. Start VLC and confirm the version in Help > About.

🔧 Temporary Workarounds

Disable the transcode module

all platforms

Remove or rename the transcode stream-output plugin so VLC cannot load it. This breaks Media > Convert/Save and any --sout transcoding but does not affect playback. Renaming (for example adding a .disabled suffix) is preferable to deleting, because it can be reverted after the upgrade.

On Linux/BSD: the plugin is libstream_out_transcode_plugin.so in the stream_out subdirectory of VLC's plugin directory, e.g. /usr/lib/vlc/plugins/stream_out/ or, on Debian-based systems, /usr/lib/x86_64-linux-gnu/vlc/plugins/stream_out/
On Windows: libstream_out_transcode_plugin.dll in plugins\stream_out\ under the VLC install directory (typically C:\Program Files\VideoLAN\VLC)
On macOS: libstream_out_transcode_plugin.dylib under VLC.app/Contents/MacOS/plugins/
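The rename-based workaround above as a script. This is an added example, not code from the page or from the VideoLAN project. It assumes the VLC 2.x plugin file name libstream_out_transcode_plugin.so (.dll on Windows, .dylib on macOS) and a short list of common plugin roots for Linux/BSD and macOS; both are assumptions, and the roots are not exhaustive. Each plugin found is renamed with a .disabled suffix so VLC's module loader skips it, and a restore function undoes the change after the upgrade.

```sh
#!/bin/sh
# Added example (not from the original page or the VideoLAN project):
# reversible CVE-2014-6440 workaround. Assumed plugin name and roots below.

PLUGIN_GLOB='libstream_out_transcode_plugin.*'
# Assumed common plugin directories (no spaces, so plain word-splitting is safe).
VLC_PLUGIN_ROOTS="/usr/lib/vlc /usr/lib64/vlc /usr/lib/x86_64-linux-gnu/vlc \
/usr/local/lib/vlc /Applications/VLC.app/Contents/MacOS/plugins"

# disable_transcode_plugin ROOT: rename every active transcode plugin under
# ROOT to <name>.disabled. Prints each path; status 0 if at least one plugin
# was disabled, 1 if none was found (wrong ROOT, or already disabled).
disable_transcode_plugin() {
    root="$1"; count=0
    # Read find's output line by line instead of word-splitting it, so paths
    # with spaces ("Program Files", user-chosen install dirs) are handled.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        mv "$f" "$f.disabled" && echo "disabled: $f" && count=$((count + 1))
    done <<EOF
$(find "$root" -type f -name "$PLUGIN_GLOB" ! -name '*.disabled' 2>/dev/null)
EOF
    [ "$count" -gt 0 ]
}

# restore_transcode_plugin ROOT: undo the rename once 2.1.5+ is installed.
restore_transcode_plugin() {
    root="$1"; count=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        mv "$f" "${f%.disabled}" && echo "restored: ${f%.disabled}" && count=$((count + 1))
    done <<EOF
$(find "$root" -type f -name "$PLUGIN_GLOB.disabled" 2>/dev/null)
EOF
    [ "$count" -gt 0 ]
}

# transcode_plugin_active ROOT: status 0 if a loadable (not renamed)
# transcode plugin still exists under ROOT, 1 otherwise. Use this to audit.
transcode_plugin_active() {
    [ -n "$(find "$1" -type f -name "$PLUGIN_GLOB" ! -name '*.disabled' 2>/dev/null)" ]
}

# for_each_root ACTION: run ACTION on every assumed root that exists.
# Status 0 if ACTION succeeded on at least one root.
for_each_root() {
    action="$1"; hit=1
    for root in $VLC_PLUGIN_ROOTS; do
        [ -d "$root" ] || continue
        "$action" "$root" && hit=0
    done
    return $hit
}

case "${1:-}" in
    --apply)   for_each_root disable_transcode_plugin ;;
    --restore) for_each_root restore_transcode_plugin ;;
    --status)  for_each_root transcode_plugin_active && echo "transcode plugin still active" ;;
esac
```

Run it as root with --apply, check with --status, and revert with --restore after upgrading. On Windows the same idea is a Rename-Item of libstream_out_transcode_plugin.dll in plugins\stream_out\ under the VLC install directory. Because the transcode plugin only serves Convert/Save and --sout, renaming it leaves normal playback intact.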

Restrict file associations

all platforms

Prevent VLC from being launched automatically for media files received from untrusted sources.

On Windows: Control Panel > Default Programs > Set Associations
On Linux: edit mimeapps.list to remove the VLC associations

🧯 If You Can't Patch

  • Block execution of VLC player via application whitelisting
  • Implement network segmentation to limit damage if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Open VLC and read the version from Help > About (Windows/Linux) or VLC > About VLC (macOS). Anything below 2.1.5 is vulnerable.

Check Version:

vlc --version 2>/dev/null | head -n 1 on Linux/BSD; /Applications/VLC.app/Contents/MacOS/VLC --version on macOS; Help > About on Windows. The banner line reads "VLC media player X.Y.Z <codename>".

Caveat: Linux distributions may ship the fix as a backported patch under an older version number; check the distribution's own advisory or package changelog rather than the upstream number alone.

Verify Fix Applied:

Confirm the reported version is 2.1.5 or higher. Compare the components numerically, not as a string (2.1.10 is newer than 2.1.5).
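The version check above, scripted for fleet use. This is an added example, not code from the page or from the VideoLAN project. It parses the "VLC media player X.Y.Z" banner that vlc --version prints, compares it numerically against the fixed release 2.1.5 from the advisory, and returns a distinct exit status for vulnerable, fixed and unparseable. The macOS binary path is the standard app-bundle location; the sample banners in the comments are constructed.

```sh
#!/bin/sh
# Added example (not from the original page or the VideoLAN project):
# is the installed VLC older than the CVE-2014-6440 fix release?

FIXED_VERSION="2.1.5"   # from the vendor NEWS entry for 2.1.5

# vlc_version_from_banner TEXT: print the first "X.Y.Z" that follows
# "VLC media player" in TEXT (constructed sample: "VLC media player 2.1.4
# Rincewind (revision 2.1.4-0-g...)" -> "2.1.4"); print nothing if absent.
vlc_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/.*VLC media player \([0-9][0-9.]*\).*/\1/p' |
        head -n 1
}

# version_lt A B: status 0 when dotted version A is numerically below B.
# Components are compared as integers, so 2.1.10 > 2.1.5, and a missing
# component counts as 0 (2.1 == 2.1.0). A string comparison gets both wrong.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            xb = (i <= nb) ? y[i] + 0 : 0
            if (xa < xb) exit 0
            if (xa > xb) exit 1
        }
        exit 1
    }'
}

# vlc_is_vulnerable TEXT: 0 if TEXT carries a VLC banner older than 2.1.5,
# 1 if it is 2.1.5 or newer, 2 if no version could be parsed at all.
vlc_is_vulnerable() {
    v=$(vlc_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "no VLC version found in: $1" >&2
        return 2
    fi
    version_lt "$v" "$FIXED_VERSION"
}

# check_installed_vlc: run the real binary and report. The exit status
# mirrors vlc_is_vulnerable so an audit loop can act on it. Note that a
# distribution backport may carry an older number and still be fixed.
check_installed_vlc() {
    bin=vlc
    if [ -x /Applications/VLC.app/Contents/MacOS/VLC ]; then
        bin=/Applications/VLC.app/Contents/MacOS/VLC
    fi
    out=$("$bin" --version 2>/dev/null || true)
    rc=0; vlc_is_vulnerable "$out" 2>/dev/null || rc=$?
    case $rc in
        0) echo "VULNERABLE: VLC $(vlc_version_from_banner "$out") < $FIXED_VERSION" ;;
        1) echo "OK: VLC $(vlc_version_from_banner "$out")" ;;
        *) echo "UNKNOWN: could not run vlc or parse its version" ;;
    esac
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    check_installed_vlc
fi
```

Run with --live on a host to check the installed binary; the parsing and comparison functions can also be fed banners collected from an inventory tool. The numeric comparison is the part worth keeping: a 2.1.10 or 2.2.x build must not be flagged as vulnerable by a lexical check.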

📡 Detection & Monitoring

Log Indicators:

  • VLC crash logs referencing the transcode module
  • Windows Application log: Event ID 1000 (Application Error) with faulting application name vlc.exe; a faulting module of libstream_out_transcode_plugin.dll points at this code path

Network Indicators:

  • Unusual outbound connections from VLC process
  • Downloads of media files from suspicious sources

SIEM Query:

process_name:"vlc.exe" AND (event_type:"crash" OR event_type:"application_error")
