VulnerableCode Package Details - pkg:deb/ubuntu/vlc@3.0.8-0ubuntu18.04.1

Search for packages

Package details: pkg:deb/ubuntu/vlc@3.0.8-0ubuntu18.04.1

Essentials
History (0)

purl	pkg:deb/ubuntu/vlc@3.0.8-0ubuntu18.04.1

Next non-vulnerable version	3.0.9.2-1
Latest non-vulnerable version	3.0.9.2-1
Risk	4.4

Vulnerabilities affecting this package (12)

Vulnerability	Summary	Fixed by
VCID-2k38-fqkr-aaae Aliases: CVE-2019-14534	In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-8tp2-d742-aaab Aliases: CVE-2019-14777	The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-b91u-sqbs-aaaf Aliases: CVE-2019-14533	The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-d5ps-9n98-aaak Aliases: CVE-2019-14970	A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dz1k-nr3t-aaag Aliases: CVE-2019-14438	A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-e43m-9cbb-aaag Aliases: CVE-2019-13962	lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-g3em-5bjx-aaae Aliases: CVE-2019-14776	A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gfs8-ag36-aaab Aliases: CVE-2019-19721	An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.	3.0.9.2-1 Affected by 0 other vulnerabilities.
VCID-jm87-cnqc-aaak Aliases: CVE-2019-14498	A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-q1ru-5x11-aaak Aliases: CVE-2019-14778	The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rz81-dept-aaam Aliases: CVE-2019-14535	A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-xfgh-cj1c-aaam Aliases: CVE-2019-14437	The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.	3.0.8-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-1y4k-7ebw-aaaq	The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.	CVE-2013-3564

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version