Search for vulnerabilities
Vulnerability details: VCID-gfs8-ag36-aaab
Vulnerability ID VCID-gfs8-ag36-aaab
Aliases CVE-2019-19721
Summary An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-193 Off-by-one Error
System Score Found at
generic_textual Low http://hg.libsdl.org/SDL_image/
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19721.html
epss 0.00352 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00352 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00352 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00352 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01273 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
epss 0.01303 https://api.first.org/data/v1/epss?cve=CVE-2019-19721
generic_textual Low https://bugs.gentoo.org/721940
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721
generic_textual Low https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19721
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19721
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-19721
archlinux Medium https://security.archlinux.org/AVG-1145
generic_textual Low https://www.videolan.org/security/
Reference id Reference type URL
http://hg.libsdl.org/SDL_image/
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19721.html
https://api.first.org/data/v1/epss?cve=CVE-2019-19721
https://bugs.gentoo.org/721940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080
https://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=72afe7ebd8305bf4f5360293b8621cde52ec506b
https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b
https://www.videolan.org/security/
AVG-1145 https://security.archlinux.org/AVG-1145
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
CVE-2019-19721 https://nvd.nist.gov/vuln/detail/CVE-2019-19721
GLSA-202005-11 https://security.gentoo.org/glsa/202005-11
USN-6180-1 https://usn.ubuntu.com/6180-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19721
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19721
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19721
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.71637
EPSS Score 0.00352
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.