CVE-2019-19721
Description
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An off-by-one error in the DecodeBlock function of VLC media player before 3.0.9 allows denial of service via a crafted image file.
Vulnerability
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VLC media player before version 3.0.9 [2] leads to memory corruption when processing a crafted image file.
Exploitation
An attacker can cause a denial of service by supplying a specially crafted image file to VLC. No authentication is required; the user only needs to open the malicious file.
Impact
Successful exploitation results in memory corruption, leading to a crash (denial of service). No remote code execution is mentioned in the description or references.
Mitigation
Fixed in VLC media player 3.0.9 (part of VideoLAN-SB-VLC-309) [2]. Users should upgrade to 3.0.9 or later. No workaround is documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- VideoLAN/VLC media player
Patches
No patches discovered yet.
References
- hg.libsdl.org/SDL_image/ (mitre, x_refsource_MISC)
- bugs.gentoo.org/721940 (mitre, x_refsource_MISC)
- git.videolan.org (mitre, x_refsource_MISC)
- www.videolan.org/security/ (mitre, x_refsource_MISC)
News mentions
- ABB Ability Camera Connect (CISA ICS Advisories)