VulnerableCode Package Details - pkg:deb/ubuntu/vlc@3.0.8-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-gfs8-ag36-aaab Aliases: CVE-2019-19721	An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.	3.0.9.2-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-gfs8-ag36-aaab
Aliases:
CVE-2019-19721

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

3.0.9.2-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2k38-fqkr-aaae	In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.	CVE-2019-14534
VCID-8tp2-d742-aaab	The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.	CVE-2019-14777
VCID-b91u-sqbs-aaaf	The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.	CVE-2019-14533
VCID-d5ps-9n98-aaak	A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.	CVE-2019-14970
VCID-dz1k-nr3t-aaag	A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.	CVE-2019-14438
VCID-e43m-9cbb-aaag	lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.	CVE-2019-13962
VCID-g3em-5bjx-aaae	A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.	CVE-2019-14776
VCID-jm87-cnqc-aaak	A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.	CVE-2019-14498
VCID-q1ru-5x11-aaak	The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.	CVE-2019-14778
VCID-rz81-dept-aaam	A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.	CVE-2019-14535
VCID-xfgh-cj1c-aaam	The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.	CVE-2019-14437

Vulnerability

Summary

Aliases

VCID-2k38-fqkr-aaae

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.

CVE-2019-14534

VCID-8tp2-d742-aaab

The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

CVE-2019-14777

VCID-b91u-sqbs-aaaf

The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

CVE-2019-14533

VCID-d5ps-9n98-aaak

A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

CVE-2019-14970

VCID-dz1k-nr3t-aaag

A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.

CVE-2019-14438

VCID-e43m-9cbb-aaag

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

CVE-2019-13962

VCID-g3em-5bjx-aaae

A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.

CVE-2019-14776

VCID-jm87-cnqc-aaak

A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.

CVE-2019-14498

VCID-q1ru-5x11-aaak

The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

CVE-2019-14778

VCID-rz81-dept-aaam

A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.

CVE-2019-14535

VCID-xfgh-cj1c-aaam

The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.

CVE-2019-14437

Next non-vulnerable version	3.0.9.2-1
Latest non-vulnerable version	3.0.9.2-1
Risk	3.5