Unrated severityNVD Advisory· Published Jun 18, 2019· Updated Aug 4, 2024

CVE-2019-12874

Description

An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.

Affected products

VideoLAN/VLC media playerdescription
osv-coords6 versions
pkg:rpm/opensuse/libaom&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/libaom&distro=SUSE%20Package%20Hub%2015 pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015 pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.0.0-lp150.2.1+ 5 more
- (no CPE)range: < 1.0.0-lp150.2.1
- (no CPE)range: < 3.0.7.1-lp150.8.1
- (no CPE)range: < 3.0.7.1-lp151.6.3.1
- (no CPE)range: < 1.0.0-bp150.2.1
- (no CPE)range: < 3.0.7.1-bp150.2.6.1
- (no CPE)range: < 3.0.7.1-bp151.5.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.htmlmitrevendor-advisoryx_refsource_SUSE
security.gentoo.org/glsa/201908-23mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/4074-1/mitrevendor-advisoryx_refsource_UBUNTU
git.videolan.orgmitrex_refsource_MISC
www.securityfocus.com/bid/108882mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000