user/vlc: CVE-2020-13428: hxxx_AnnexB_to_xVC heap-based buffer overflow
Bugzilla ID | 303 |
Alias(es) | CVE-2020-13428 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-06-11 18:55:58 -0500 |
Modified | 2020-07-07 18:27:37 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / major |
Package(s) | user/vlc |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13428 |
Description
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in
modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before
3.0.11 allows remote attackers to cause a denial of service
(application crash) or execute arbitrary code via a crafted H.264
Annex-B video (.avi for example) file.
Fixed in >= 3.0.11
https://github.com/videolan/vlc-3.0/commit/d5c43c21c747ff30ed19fcca745dea3481c733e0