CVE-2019-13962

Published: 18/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player up to and including 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Vulnerable Product

videolan vlc media player

opensuse leap 15.0

opensuse leap 15.1

opensuse backports sle 15.0

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

Vendor Advisories

Several security issues were fixed in VLC ...
Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed. For the oldstable distribution (stretch), these problems have been fixed in version 3.0.8-0+deb9u1. For the stable distribution (buster), these problems have been fixed ...

Recent Articles

Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC
The Register • Shaun Nichols in San Francisco • 21 Aug 2019

Keep your media player, like other apps, up to date: 13 security flaws fixed

VideoLAN has issued an update to address a baker's dozen of CVE-listed security vulnerabilities in its widely used VLC player software. The VLC update includes patches to clear up flaws that range in impact from denial of service (read: application crashes) to remote code execution (i.e. malware installation). Users and admins can get fixes for all of the vulnerabilities by updating VLC to version 3.0.8 or later. So far, no attacks exploiting these holes have been reported in the wild. "While th...