PT-2019-3290 · Videolan+3 · Vlc Media Player+3

Publicado

2019-06-11

·

Atualizado

2019-08-26

·

CVE-2019-12874

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions VideoLAN VLC media player versions 3.x through 3.0.7
Description The issue is related to the Matroska demuxer in the VideoLAN VLC media player, which has a double free error when parsing a malformed MKV file type. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations For VideoLAN VLC media player versions 3.x through 3.0.7, consider updating to a version that fixes the issue in the zlib decompress extra function as soon as it becomes available. As a temporary workaround, avoid using the Matroska demuxer to parse potentially malformed MKV files until a patch is available.

Correção

Double Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-415

Identificadores relacionados

ALT-PU-2019-2067
ALT-PU-2019-2509
BDU:2019-03342
CVE-2019-12874
DSA-4459-1
OPENSUSE-SU-2019:1840-1
OPENSUSE-SU-2019:1897-1
OPENSUSE-SU-2019:1909-1
OPENSUSE-SU-2019:2015-1
OPENSUSE-SU-2019_1840-1
OPENSUSE-SU-2019_1909-1
USN-4074-1

Produtos afetados

Alt Linux
Suse
Ubuntu
Vlc Media Player