CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-12874

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile20.56th
Published2019年6月18日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.

Affected Platforms (CPE)

📦
Videolan

Vlc Media Player

>= 3.0.0 and <= 3.0.7

References & Advisories

🔗 http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=81023659c7de5ac2637b4a879195efef50846102
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
🔗 http://www.securityfocus.com/bid/108882
🔗 https://security.gentoo.org/glsa/201908-23
🔗 https://usn.ubuntu.com/4074-1/

相关漏洞威胁

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2014-64409.8

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

CVE-2019-139629.8

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read bec...

CVE-2016-51089.8

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote ...