rpm package
suse/vlc&distro=SUSE Package Hub 15 SP1
pkg:rpm/suse/vlc&distro=SUSE%20Package%20Hub%2015%20SP1
Vulnerabilities (19)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26664 | — | < 3.0.11.1-bp151.5.12.1 | 3.0.11.1-bp151.5.12.1 | Jan 8, 2021 | A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | ||
| CVE-2020-13428 | — | < 3.0.11.1-bp151.5.12.1 | 3.0.11.1-bp151.5.12.1 | Jun 8, 2020 | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B | ||
| CVE-2019-14970 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | ||
| CVE-2019-14777 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||
| CVE-2019-14778 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||
| CVE-2019-14776 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. | ||
| CVE-2019-14533 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | ||
| CVE-2019-14534 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | ||
| CVE-2019-14535 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. | ||
| CVE-2019-14498 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. | ||
| CVE-2019-14438 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file. | ||
| CVE-2019-14437 | — | < 3.0.9.2-bp151.5.6.1 | 3.0.9.2-bp151.5.6.1 | Aug 29, 2019 | The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file. | ||
| CVE-2019-5460 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Jul 30, 2019 | Double Free in VLC versions <= 3.0.6 leads to a crash. | ||
| CVE-2019-5459 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Jul 30, 2019 | An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. | ||
| CVE-2019-13962 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Jul 18, 2019 | lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | ||
| CVE-2019-13602 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Jul 14, 2019 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | ||
| CVE-2019-12874 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Jun 18, 2019 | An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | ||
| CVE-2019-5439 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Jun 13, 2019 | A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit. | ||
| CVE-2018-19857 | — | < 3.0.7.1-bp151.5.3.3 | 3.0.7.1-bp151.5.3.3 | Dec 5, 2018 | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could |
- CVE-2020-26664Jan 8, 2021affected < 3.0.11.1-bp151.5.12.1fixed 3.0.11.1-bp151.5.12.1
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
- CVE-2020-13428Jun 8, 2020affected < 3.0.11.1-bp151.5.12.1fixed 3.0.11.1-bp151.5.12.1
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B
- CVE-2019-14970Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
- CVE-2019-14777Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
- CVE-2019-14778Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
- CVE-2019-14776Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
- CVE-2019-14533Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
- CVE-2019-14534Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
- CVE-2019-14535Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.
- CVE-2019-14498Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.
- CVE-2019-14438Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.
- CVE-2019-14437Aug 29, 2019affected < 3.0.9.2-bp151.5.6.1fixed 3.0.9.2-bp151.5.6.1
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.
- CVE-2019-5460Jul 30, 2019affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
Double Free in VLC versions <= 3.0.6 leads to a crash.
- CVE-2019-5459Jul 30, 2019affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
- CVE-2019-13962Jul 18, 2019affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
- CVE-2019-13602Jul 14, 2019affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
- CVE-2019-12874Jun 18, 2019affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
- CVE-2019-5439Jun 13, 2019affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
- CVE-2018-19857Dec 5, 2018affected < 3.0.7.1-bp151.5.3.3fixed 3.0.7.1-bp151.5.3.3
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could