CyberSec.Space Logo
Back to CVE Browser

CVE-2019-13962

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile27.73th
PublishedJul 18, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Affected Platforms (CPE)

πŸ“¦
Videolan

Vlc Media Player

<= 3.0.7
πŸ“¦
Opensuse

Backports Sle

= 15.0
πŸ“¦
Opensuse

Backports Sle

= 15.0
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Opensuse

Leap

= 15.1
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 19.04

References & Advisories

πŸ”— http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html
πŸ”— http://www.securityfocus.com/bid/109306

Related Vulnerabilities

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2019-128749.8

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The...

CVE-2014-64409.8

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

CVE-2016-51089.8

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote ...