user/vlc: multiple vulnerabilities
Bugzilla ID | 182 |
Alias(es) | CVE-2019-13602, CVE-2019-13615, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-08-16 19:39:57 -0500 |
Modified | 2019-09-28 13:35:01 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2019-13602: https://nvd.nist.gov/vuln/detail/CVE-2019-13602
An Integer Underflow in MP4_EIA608_Convert() in
modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1
allows remote attackers to cause a denial of service (heap-based
buffer overflow and crash) or possibly have unspecified other impact
via a crafted .mp4 file.
CVE-2019-13962: https://nvd.nist.gov/vuln/detail/CVE-2019-13962
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC
media player through 3.0.7 has a heap-based buffer over-read because
it does not properly validate the width and height.