CVE-2020-13428: user/vlc: hxxx_AnnexB_to_xVC heap-based buffer overflow
| Bugzilla ID | 303 |
| Alias(es) | CVE-2020-13428 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-11 18:55:58 -0500 |
| Modified | 2020-07-07 18:27:37 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| Package(s) | user/vlc |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13428 |
Description
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in
modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before
3.0.11 allows remote attackers to cause a denial of service
(application crash) or execute arbitrary code via a crafted H.264
Annex-B video (.avi for example) file.
Fixed in >= 3.0.11
https://github.com/videolan/vlc-3.0/commit/d5c43c21c747ff30ed19fcca745dea3481c733e0