PT-2020-3289 · Videolan+4 · Vlc Media Player+4

Tommy Muir · Published 2020-06-08 · Updated 2025-07-06 · CVE-2020-13428

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VLC media player versions prior to 3.0.11

Description

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video file. The vulnerability can be exploited by playing a specially crafted video file, potentially allowing an attacker to execute arbitrary code on the affected system with the privileges of the user running VLC.

Recommendations

For versions prior to 3.0.11, update to version 3.0.11 or later to resolve the issue. As a temporary workaround, consider avoiding the playback of H.264 Annex-B video files until the update is applied.

Fix · RCE · DoS · Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2237
ALT-PU-2020-2248
BDU:2020-03597
CVE-2020-13428
DSA-4704-1
MGASA-2020-0272
OPENSUSE-SU-2021:0076-1
OPENSUSE-SU-2021:0091-1
OPENSUSE-SU-2021:0121-1
OPENSUSE-SU-2021:0122-1
OPENSUSE-SU-2021_0076-1
OPENSUSE-SU-2021_0091-1
OPENSUSE-SU-2024:11502-1
USN-6180-1

Affected Products

Alt Linux
Linuxmint
Suse
Ubuntu
Vlc Media Player