High severity7.8NVD Advisory· Published Aug 29, 2019· Updated Jun 17, 2026
CVE-2019-14438
CVE-2019-14438
Description
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- VideoLAN/VLC media playerdescription
- Range: 3.0.7.1
- osv-coords2 versionspkg:rpm/opensuse/vlc&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP1
< 3.0.9.2-lp151.6.6.1+ 1 more
- (no CPE)range: < 3.0.9.2-lp151.6.6.1
- (no CPE)range: < 3.0.9.2-bp151.5.6.1
Patches
Vulnerability mechanics
References
7- www.videolan.org/security/sb-vlc308.htmlnvdPatchVendor Advisory
- seclists.org/bugtraq/2019/Aug/36nvdMailing ListThird Party Advisory
- www.debian.org/security/2019/dsa-4504nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.htmlnvd
- security.gentoo.org/glsa/201909-02nvd
- usn.ubuntu.com/4131-1/nvd
News mentions
0No linked articles in our index yet.