PT-2019-4897 · Videolan+3 · Vlc Media Player+3

Published

2019-04-29

Updated

2024-06-15

CVE-2019-13962

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VideoLAN VLC media player versions through 3.0.7

Description The issue is related to a heap-based buffer over-read in the lavc CopyPicture function, located in modules/codec/avcodec/video.c, due to improper validation of the width and height. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For versions through 3.0.7, consider updating to a version that addresses this issue, as the current version does not properly validate the width and height, leading to a heap-based buffer over-read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2019-2067

ALT-PU-2019-2509

BDU:2020-01491

CVE-2019-13962

DSA-4504-1

MGASA-2019-0233

OPENSUSE-SU-2019:1840-1

OPENSUSE-SU-2019:1897-1

OPENSUSE-SU-2019:1909-1

OPENSUSE-SU-2019:2015-1

OPENSUSE-SU-2019_1840-1

OPENSUSE-SU-2019_1909-1

OPENSUSE-SU-2020:0545-1

OPENSUSE-SU-2020:0562-1

OPENSUSE-SU-2020_0545-1

OPENSUSE-SU-2024:11502-1

USN-4131-1

Affected Products

Alt Linux

Suse

Ubuntu

Vlc Media Player

PT-2019-4897 · Videolan+3 · Vlc Media Player+3

CVE-2019-13962

Weakness Enumeration

Related Identifiers

Affected Products

References · 148