CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-13962

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile27.73th
Published2019年7月18日
Last Modified2024年11月21日

Vulnerability Description

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Affected Platforms (CPE)

📦
Videolan

Vlc Media Player

<= 3.0.7
📦
Opensuse

Backports Sle

= 15.0
📦
Opensuse

Backports Sle

= 15.0
💻
Opensuse

Leap

= 15.0
💻
Opensuse

Leap

= 15.1
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 19.04

References & Advisories

🔗 http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html
🔗 http://www.securityfocus.com/bid/109306

相關漏洞威脅

CVE-2008-029610.0

Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow...

CVE-2019-128749.8

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The...

CVE-2014-64409.8

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.

CVE-2016-51089.8

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote ...