Vulnerability CVE-2019-13962: Information
Description
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| vlc | sisyphus | 3.0.7.1-alt1 | 3.0.21-alt1 | ALT-PU-2019-2067-1 | 232273 | Fixed |
| vlc | p10 | 3.0.7.1-alt1 | 3.0.18-alt3 | ALT-PU-2019-2067-1 | 232273 | Fixed |
| vlc | p9 | 3.0.8-alt1 | 3.0.16-alt1 | ALT-PU-2019-2509-1 | 236357 | Fixed |
| vlc | c10f1 | 3.0.7.1-alt1 | 3.0.20-alt1 | ALT-PU-2019-2067-1 | 232273 | Fixed |
| vlc | c9f2 | 3.0.8-alt1 | 3.0.11-alt1 | ALT-PU-2019-2509-1 | 236357 | Fixed |
| vlc | p11 | 3.0.7.1-alt1 | 3.0.20-alt1 | ALT-PU-2019-2067-1 | 232273 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://trac.videolan.org/vlc/ticket/22240 |
|
| 109306 |
|
| openSUSE-SU-2019:1840 |
|
| openSUSE-SU-2019:1909 |
|
| openSUSE-SU-2019:1897 |
|
| DSA-4504 |
|
| 20190821 [SECURITY] [DSA 4504-1] vlc security update |
|
| openSUSE-SU-2019:2015 |
|
| GLSA-201909-02 |
|
| USN-4131-1 |
|
| openSUSE-SU-2020:0545 |
|
| openSUSE-SU-2020:0562 |
|
| http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509 |