An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player up to and including 3.0.7.1 allows remote malicious users to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
Vulnerable Product |
---|
videolan vlc media player |
debian debian linux 9.0 |
debian debian linux 10.0 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 19.04 |
opensuse leap 15.0 |
opensuse leap 15.1 |
opensuse backports sle 15.0 |
Keep your media player, like other apps, up to date: 13 security flaws fixed
Dodgy vids can hijack PCs via VLC security flaw, US, Germany warn. Software's makers not app-y with that claim
VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software. The VLC update includes patches to clear up flaws that range in impact from denial of service (read: application crashes) to remote code execution (i.e. malware installation). Users and admins can get fixes for all of the vulnerabilities by updating VLC to version 3.0.8 or later. So far, no attacks exploiting these holes have been reported in the wild. "While th...