Intrusion Prevention



This indicates an attack attempt against a Null Pointer Dereference vulnerability in VLC which is a cross-platform media player.
The vulnerability is due to insufficient validation on the value of the 'size' field in atom 'trun' when parsing "traf" atoms. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

VLC media player 2.2.1
Prior versions may be affected too


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version which can be downloaded from