Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-5439 (GCVE-0-2019-5439)
Vulnerability from cvelistv5
Published
2019-06-13 15:38
Modified
2024-08-04 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Classic Buffer Overflow ()
Summary
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VLC Media Player |
Version: Fixed in 3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/484398"
},
{
"name": "108769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108769"
},
{
"name": "USN-4074-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4074-1/"
},
{
"name": "openSUSE-SU-2019:1840",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"name": "openSUSE-SU-2019:1909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"name": "GLSA-201908-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"name": "openSUSE-SU-2019:2015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VLC Media Player",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Classic Buffer Overflow (CWE-120)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T20:06:12",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/484398"
},
{
"name": "108769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108769"
},
{
"name": "USN-4074-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4074-1/"
},
{
"name": "openSUSE-SU-2019:1840",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"name": "openSUSE-SU-2019:1909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1897",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"name": "GLSA-201908-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"name": "openSUSE-SU-2019:2015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC Media Player",
"version": {
"version_data": [
{
"version_value": "Fixed in 3.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Classic Buffer Overflow (CWE-120)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/484398",
"refsource": "MISC",
"url": "https://hackerone.com/reports/484398"
},
{
"name": "108769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108769"
},
{
"name": "USN-4074-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4074-1/"
},
{
"name": "openSUSE-SU-2019:1840",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"name": "openSUSE-SU-2019:1909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"name": "GLSA-201908-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"name": "openSUSE-SU-2019:2015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-5439",
"datePublished": "2019-06-13T15:38:36",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-5439\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2019-06-13T16:29:01.733\",\"lastModified\":\"2024-11-21T04:44:56.310\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.\"},{\"lang\":\"es\",\"value\":\"Una desbordamiento en el buffer en VLC Media Player Player \u003c 3.0.7 causa un bloqueo el cual, puede ser posiblemente m\u00e1s desarrollado hacia una explotaci\u00f3n en la ejecuci\u00f3n del c\u00f3digo remoto\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.7\",\"matchCriteriaId\":\"288A8608-A671-415D-9BEC-C85098C8C51B\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html\",\"source\":\"support@hackerone.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html\",\"source\":\"support@hackerone.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html\",\"source\":\"support@hackerone.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html\",\"source\":\"support@hackerone.com\"},{\"url\":\"http://www.securityfocus.com/bid/108769\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://hackerone.com/reports/484398\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-23\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://usn.ubuntu.com/4074-1/\",\"source\":\"support@hackerone.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/108769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://hackerone.com/reports/484398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201908-23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4074-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
opensuse-su-2019:1909-1
Vulnerability from csaf_opensuse
Published
2019-08-15 09:44
Modified
2019-08-15 09:44
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc to version 3.0.7.1 fixes the following issues:
Security issues fixed:
- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).
Non-security issues fixed:
- Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support
- Access:
* Improve Blu-ray support
- Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled
- Updated translations.
New package libaom:
* Initial version 1.0.0
* A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format
designed for video transmissions over the Internet.
Patchnames
openSUSE-2019-1909
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc to version 3.0.7.1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).\n- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).\n- CVE-2019-5460: Fixed a double free (bsc#1143547).\n- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).\n- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).\n- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).\n\nNon-security issues fixed:\n\n- Video Output:\n * Fix hardware acceleration with some AMD drivers\n * Improve direct3d11 HDR support\n- Access:\n * Improve Blu-ray support\n- Audio output:\n * Fix pass-through on Android-23\n * Fix DirectSound drain\n- Demux: Improve MP4 support\n- Video Output:\n * Fix 12 bits sources playback with Direct3D11\n * Fix crash on iOS\n * Fix midstream aspect-ratio changes when Windows hardware decoding is on\n * Fix HLG display with Direct3D11\n- Stream Output: Improve Chromecast support with new ChromeCast apps\n- Misc:\n * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts\n * Work around busy looping when playing an invalid item with loop enabled\n- Updated translations.\n\nNew package libaom:\n * Initial version 1.0.0\n * A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format\n designed for video transmissions over the Internet.\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1909",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1909-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1909-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PV7IWMKNJKPD75QWP2SQJIG5DET23UDW/#PV7IWMKNJKPD75QWP2SQJIG5DET23UDW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1909-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PV7IWMKNJKPD75QWP2SQJIG5DET23UDW/#PV7IWMKNJKPD75QWP2SQJIG5DET23UDW"
},
{
"category": "self",
"summary": "SUSE Bug 1093732",
"url": "https://bugzilla.suse.com/1093732"
},
{
"category": "self",
"summary": "SUSE Bug 1094893",
"url": "https://bugzilla.suse.com/1094893"
},
{
"category": "self",
"summary": "SUSE Bug 1118586",
"url": "https://bugzilla.suse.com/1118586"
},
{
"category": "self",
"summary": "SUSE Bug 1133290",
"url": "https://bugzilla.suse.com/1133290"
},
{
"category": "self",
"summary": "SUSE Bug 1138354",
"url": "https://bugzilla.suse.com/1138354"
},
{
"category": "self",
"summary": "SUSE Bug 1138933",
"url": "https://bugzilla.suse.com/1138933"
},
{
"category": "self",
"summary": "SUSE Bug 1141522",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1143547",
"url": "https://bugzilla.suse.com/1143547"
},
{
"category": "self",
"summary": "SUSE Bug 1143549",
"url": "https://bugzilla.suse.com/1143549"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19857 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5459 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5460/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2019-08-15T09:44:57Z",
"generator": {
"date": "2019-08-15T09:44:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1909-1",
"initial_release_date": "2019-08-15T09:44:57Z",
"revision_history": [
{
"date": "2019-08-15T09:44:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"product": {
"name": "libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"product_id": "libaom-devel-doc-1.0.0-lp150.2.1.noarch"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.7.1-lp150.8.1.noarch",
"product": {
"name": "vlc-lang-3.0.7.1-lp150.8.1.noarch",
"product_id": "vlc-lang-3.0.7.1-lp150.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "aom-tools-1.0.0-lp150.2.1.x86_64",
"product": {
"name": "aom-tools-1.0.0-lp150.2.1.x86_64",
"product_id": "aom-tools-1.0.0-lp150.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaom-devel-1.0.0-lp150.2.1.x86_64",
"product": {
"name": "libaom-devel-1.0.0-lp150.2.1.x86_64",
"product_id": "libaom-devel-1.0.0-lp150.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaom0-1.0.0-lp150.2.1.x86_64",
"product": {
"name": "libaom0-1.0.0-lp150.2.1.x86_64",
"product_id": "libaom0-1.0.0-lp150.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlc5-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "libvlc5-3.0.7.1-lp150.8.1.x86_64",
"product_id": "libvlc5-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"product_id": "libvlccore9-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-devel-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-jack-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-noX-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-qt-3.0.7.1-lp150.8.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.7.1-lp150.8.1.x86_64",
"product": {
"name": "vlc-vdpau-3.0.7.1-lp150.8.1.x86_64",
"product_id": "vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aom-tools-1.0.0-lp150.2.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64"
},
"product_reference": "aom-tools-1.0.0-lp150.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-1.0.0-lp150.2.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64"
},
"product_reference": "libaom-devel-1.0.0-lp150.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-doc-1.0.0-lp150.2.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch"
},
"product_reference": "libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom0-1.0.0-lp150.2.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64"
},
"product_reference": "libaom0-1.0.0-lp150.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "libvlc5-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.7.1-lp150.8.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch"
},
"product_reference": "vlc-lang-3.0.7.1-lp150.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.7.1-lp150.8.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
},
"product_reference": "vlc-vdpau-3.0.7.1-lp150.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19857"
}
],
"notes": [
{
"category": "general",
"text": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19857",
"url": "https://www.suse.com/security/cve/CVE-2018-19857"
},
{
"category": "external",
"summary": "SUSE Bug 1118586 for CVE-2018-19857",
"url": "https://bugzilla.suse.com/1118586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-19857"
},
{
"cve": "CVE-2019-12874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12874"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12874",
"url": "https://www.suse.com/security/cve/CVE-2019-12874"
},
{
"category": "external",
"summary": "SUSE Bug 1138933 for CVE-2019-12874",
"url": "https://bugzilla.suse.com/1138933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "important"
}
],
"title": "CVE-2019-12874"
},
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5439"
}
],
"notes": [
{
"category": "general",
"text": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5439",
"url": "https://www.suse.com/security/cve/CVE-2019-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1138354 for CVE-2019-5439",
"url": "https://bugzilla.suse.com/1138354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-5439"
},
{
"cve": "CVE-2019-5459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5459"
}
],
"notes": [
{
"category": "general",
"text": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5459",
"url": "https://www.suse.com/security/cve/CVE-2019-5459"
},
{
"category": "external",
"summary": "SUSE Bug 1143549 for CVE-2019-5459",
"url": "https://bugzilla.suse.com/1143549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-5459"
},
{
"cve": "CVE-2019-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5460"
}
],
"notes": [
{
"category": "general",
"text": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5460",
"url": "https://www.suse.com/security/cve/CVE-2019-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1143547 for CVE-2019-5460",
"url": "https://bugzilla.suse.com/1143547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:aom-tools-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libaom-devel-doc-1.0.0-lp150.2.1.noarch",
"openSUSE Leap 15.0:libaom0-1.0.0-lp150.2.1.x86_64",
"openSUSE Leap 15.0:libvlc5-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:libvlccore9-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-codec-gstreamer-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-devel-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-jack-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-lang-3.0.7.1-lp150.8.1.noarch",
"openSUSE Leap 15.0:vlc-noX-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-qt-3.0.7.1-lp150.8.1.x86_64",
"openSUSE Leap 15.0:vlc-vdpau-3.0.7.1-lp150.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T09:44:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-5460"
}
]
}
opensuse-su-2019:2015-1
Vulnerability from csaf_opensuse
Published
2019-08-26 14:22
Modified
2019-08-26 14:22
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc to version 3.0.7.1 fixes the following issues:
Security issues fixed:
- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).
Non-security issues fixed:
- Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support
- Access:
* Improve Blu-ray support
- Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled
- Updated translations.
New package libaom:
* Initial version 1.0.0
* A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format
designed for video transmissions over the Internet.
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames
openSUSE-2019-2015
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc to version 3.0.7.1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).\n- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).\n- CVE-2019-5460: Fixed a double free (bsc#1143547).\n- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).\n- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).\n- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).\n\nNon-security issues fixed:\n\n- Video Output:\n * Fix hardware acceleration with some AMD drivers\n * Improve direct3d11 HDR support\n- Access:\n * Improve Blu-ray support\n- Audio output:\n * Fix pass-through on Android-23\n * Fix DirectSound drain\n- Demux: Improve MP4 support\n- Video Output:\n * Fix 12 bits sources playback with Direct3D11\n * Fix crash on iOS\n * Fix midstream aspect-ratio changes when Windows hardware decoding is on\n * Fix HLG display with Direct3D11\n- Stream Output: Improve Chromecast support with new ChromeCast apps\n- Misc:\n * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts\n * Work around busy looping when playing an invalid item with loop enabled\n- Updated translations.\n\nNew package libaom:\n * Initial version 1.0.0\n * A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format\n designed for video transmissions over the Internet.\n\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2015",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2015-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2015-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RNBI5GJAXU5KVZYP22ZO47MDJGB63ZQK/#RNBI5GJAXU5KVZYP22ZO47MDJGB63ZQK"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2015-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RNBI5GJAXU5KVZYP22ZO47MDJGB63ZQK/#RNBI5GJAXU5KVZYP22ZO47MDJGB63ZQK"
},
{
"category": "self",
"summary": "SUSE Bug 1093732",
"url": "https://bugzilla.suse.com/1093732"
},
{
"category": "self",
"summary": "SUSE Bug 1094893",
"url": "https://bugzilla.suse.com/1094893"
},
{
"category": "self",
"summary": "SUSE Bug 1118586",
"url": "https://bugzilla.suse.com/1118586"
},
{
"category": "self",
"summary": "SUSE Bug 1133290",
"url": "https://bugzilla.suse.com/1133290"
},
{
"category": "self",
"summary": "SUSE Bug 1138354",
"url": "https://bugzilla.suse.com/1138354"
},
{
"category": "self",
"summary": "SUSE Bug 1138933",
"url": "https://bugzilla.suse.com/1138933"
},
{
"category": "self",
"summary": "SUSE Bug 1141522",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1143547",
"url": "https://bugzilla.suse.com/1143547"
},
{
"category": "self",
"summary": "SUSE Bug 1143549",
"url": "https://bugzilla.suse.com/1143549"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19857 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5459 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5460/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2019-08-26T14:22:46Z",
"generator": {
"date": "2019-08-26T14:22:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2015-1",
"initial_release_date": "2019-08-26T14:22:46Z",
"revision_history": [
{
"date": "2019-08-26T14:22:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "aom-tools-1.0.0-bp150.2.1.aarch64",
"product": {
"name": "aom-tools-1.0.0-bp150.2.1.aarch64",
"product_id": "aom-tools-1.0.0-bp150.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libaom-devel-1.0.0-bp150.2.1.aarch64",
"product": {
"name": "libaom-devel-1.0.0-bp150.2.1.aarch64",
"product_id": "libaom-devel-1.0.0-bp150.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libaom0-1.0.0-bp150.2.1.aarch64",
"product": {
"name": "libaom0-1.0.0-bp150.2.1.aarch64",
"product_id": "libaom0-1.0.0-bp150.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"product": {
"name": "libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"product_id": "libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"product": {
"name": "libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"product_id": "libaom-devel-doc-1.0.0-bp150.2.1.noarch"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"product": {
"name": "vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"product_id": "vlc-lang-3.0.7.1-bp150.2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "aom-tools-1.0.0-bp150.2.1.ppc64le",
"product": {
"name": "aom-tools-1.0.0-bp150.2.1.ppc64le",
"product_id": "aom-tools-1.0.0-bp150.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libaom-devel-1.0.0-bp150.2.1.ppc64le",
"product": {
"name": "libaom-devel-1.0.0-bp150.2.1.ppc64le",
"product_id": "libaom-devel-1.0.0-bp150.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libaom0-1.0.0-bp150.2.1.ppc64le",
"product": {
"name": "libaom0-1.0.0-bp150.2.1.ppc64le",
"product_id": "libaom0-1.0.0-bp150.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "aom-tools-1.0.0-bp150.2.1.s390x",
"product": {
"name": "aom-tools-1.0.0-bp150.2.1.s390x",
"product_id": "aom-tools-1.0.0-bp150.2.1.s390x"
}
},
{
"category": "product_version",
"name": "libaom-devel-1.0.0-bp150.2.1.s390x",
"product": {
"name": "libaom-devel-1.0.0-bp150.2.1.s390x",
"product_id": "libaom-devel-1.0.0-bp150.2.1.s390x"
}
},
{
"category": "product_version",
"name": "libaom0-1.0.0-bp150.2.1.s390x",
"product": {
"name": "libaom0-1.0.0-bp150.2.1.s390x",
"product_id": "libaom0-1.0.0-bp150.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "aom-tools-1.0.0-bp150.2.1.x86_64",
"product": {
"name": "aom-tools-1.0.0-bp150.2.1.x86_64",
"product_id": "aom-tools-1.0.0-bp150.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaom-devel-1.0.0-bp150.2.1.x86_64",
"product": {
"name": "libaom-devel-1.0.0-bp150.2.1.x86_64",
"product_id": "libaom-devel-1.0.0-bp150.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libaom0-1.0.0-bp150.2.1.x86_64",
"product": {
"name": "libaom0-1.0.0-bp150.2.1.x86_64",
"product_id": "libaom0-1.0.0-bp150.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "libvlc5-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "libvlccore9-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-devel-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-jack-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-noX-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-qt-3.0.7.1-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64",
"product": {
"name": "vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64",
"product_id": "vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aom-tools-1.0.0-bp150.2.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64"
},
"product_reference": "aom-tools-1.0.0-bp150.2.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aom-tools-1.0.0-bp150.2.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le"
},
"product_reference": "aom-tools-1.0.0-bp150.2.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aom-tools-1.0.0-bp150.2.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x"
},
"product_reference": "aom-tools-1.0.0-bp150.2.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aom-tools-1.0.0-bp150.2.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64"
},
"product_reference": "aom-tools-1.0.0-bp150.2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-1.0.0-bp150.2.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64"
},
"product_reference": "libaom-devel-1.0.0-bp150.2.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-1.0.0-bp150.2.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le"
},
"product_reference": "libaom-devel-1.0.0-bp150.2.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-1.0.0-bp150.2.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x"
},
"product_reference": "libaom-devel-1.0.0-bp150.2.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-1.0.0-bp150.2.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64"
},
"product_reference": "libaom-devel-1.0.0-bp150.2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom-devel-doc-1.0.0-bp150.2.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch"
},
"product_reference": "libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom0-1.0.0-bp150.2.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64"
},
"product_reference": "libaom0-1.0.0-bp150.2.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom0-1.0.0-bp150.2.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le"
},
"product_reference": "libaom0-1.0.0-bp150.2.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom0-1.0.0-bp150.2.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x"
},
"product_reference": "libaom0-1.0.0-bp150.2.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom0-1.0.0-bp150.2.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64"
},
"product_reference": "libaom0-1.0.0-bp150.2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32"
},
"product_reference": "libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.7.1-bp150.2.6.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch"
},
"product_reference": "vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
},
"product_reference": "vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19857"
}
],
"notes": [
{
"category": "general",
"text": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19857",
"url": "https://www.suse.com/security/cve/CVE-2018-19857"
},
{
"category": "external",
"summary": "SUSE Bug 1118586 for CVE-2018-19857",
"url": "https://bugzilla.suse.com/1118586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-19857"
},
{
"cve": "CVE-2019-12874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12874"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12874",
"url": "https://www.suse.com/security/cve/CVE-2019-12874"
},
{
"category": "external",
"summary": "SUSE Bug 1138933 for CVE-2019-12874",
"url": "https://bugzilla.suse.com/1138933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "important"
}
],
"title": "CVE-2019-12874"
},
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5439"
}
],
"notes": [
{
"category": "general",
"text": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5439",
"url": "https://www.suse.com/security/cve/CVE-2019-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1138354 for CVE-2019-5439",
"url": "https://bugzilla.suse.com/1138354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-5439"
},
{
"cve": "CVE-2019-5459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5459"
}
],
"notes": [
{
"category": "general",
"text": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5459",
"url": "https://www.suse.com/security/cve/CVE-2019-5459"
},
{
"category": "external",
"summary": "SUSE Bug 1143549 for CVE-2019-5459",
"url": "https://bugzilla.suse.com/1143549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-5459"
},
{
"cve": "CVE-2019-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5460"
}
],
"notes": [
{
"category": "general",
"text": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5460",
"url": "https://www.suse.com/security/cve/CVE-2019-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1143547 for CVE-2019-5460",
"url": "https://bugzilla.suse.com/1143547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:aom-tools-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom-devel-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom-devel-doc-1.0.0-bp150.2.1.noarch",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.aarch64",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.ppc64le",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.s390x",
"SUSE Package Hub 15:libaom0-1.0.0-bp150.2.1.x86_64",
"SUSE Package Hub 15:libaom0-64bit-1.0.0-bp150.2.1.aarch64_ilp32",
"SUSE Package Hub 15:libvlc5-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:libvlccore9-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-devel-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-jack-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-lang-3.0.7.1-bp150.2.6.1.noarch",
"SUSE Package Hub 15:vlc-noX-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-qt-3.0.7.1-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:vlc-vdpau-3.0.7.1-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-26T14:22:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-5460"
}
]
}
opensuse-su-2019:1897-1
Vulnerability from csaf_opensuse
Published
2019-08-15 08:55
Modified
2019-08-15 08:55
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc to version 3.0.7.1 fixes the following issues:
Security issues fixed:
- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).
Non-security issues fixed:
- Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support
- Access:
* Improve Blu-ray support
- Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled
- Updated translations.
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2019-1897
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc to version 3.0.7.1 fixes the following issues:\n\nSecurity issues fixed:\n\t \n- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).\n- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).\n- CVE-2019-5460: Fixed a double free (bsc#1143547).\n- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).\n- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).\n- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).\n\nNon-security issues fixed:\n\n- Video Output:\n * Fix hardware acceleration with some AMD drivers\n * Improve direct3d11 HDR support\n- Access:\n * Improve Blu-ray support\n- Audio output:\n * Fix pass-through on Android-23\n * Fix DirectSound drain\n- Demux: Improve MP4 support\n- Video Output:\n * Fix 12 bits sources playback with Direct3D11\n * Fix crash on iOS\n * Fix midstream aspect-ratio changes when Windows hardware decoding is on\n * Fix HLG display with Direct3D11\n- Stream Output: Improve Chromecast support with new ChromeCast apps\n- Misc:\n * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts\n * Work around busy looping when playing an invalid item with loop enabled\n- Updated translations.\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1897",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1897-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1897-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BZ6PVIORM3E3KCDWEJP6ZSJVHTRTXT2M/#BZ6PVIORM3E3KCDWEJP6ZSJVHTRTXT2M"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1897-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BZ6PVIORM3E3KCDWEJP6ZSJVHTRTXT2M/#BZ6PVIORM3E3KCDWEJP6ZSJVHTRTXT2M"
},
{
"category": "self",
"summary": "SUSE Bug 1118586",
"url": "https://bugzilla.suse.com/1118586"
},
{
"category": "self",
"summary": "SUSE Bug 1138354",
"url": "https://bugzilla.suse.com/1138354"
},
{
"category": "self",
"summary": "SUSE Bug 1138933",
"url": "https://bugzilla.suse.com/1138933"
},
{
"category": "self",
"summary": "SUSE Bug 1141522",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1143547",
"url": "https://bugzilla.suse.com/1143547"
},
{
"category": "self",
"summary": "SUSE Bug 1143549",
"url": "https://bugzilla.suse.com/1143549"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19857 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5459 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5460/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2019-08-15T08:55:15Z",
"generator": {
"date": "2019-08-15T08:55:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1897-1",
"initial_release_date": "2019-08-15T08:55:15Z",
"revision_history": [
{
"date": "2019-08-15T08:55:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"product": {
"name": "vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"product_id": "vlc-lang-3.0.7.1-bp151.5.3.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "libvlc5-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "libvlccore9-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-devel-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-jack-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-noX-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-qt-3.0.7.1-bp151.5.3.3.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64",
"product": {
"name": "vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64",
"product_id": "vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.7.1-bp151.5.3.3.noarch as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch"
},
"product_reference": "vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
},
"product_reference": "vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19857"
}
],
"notes": [
{
"category": "general",
"text": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19857",
"url": "https://www.suse.com/security/cve/CVE-2018-19857"
},
{
"category": "external",
"summary": "SUSE Bug 1118586 for CVE-2018-19857",
"url": "https://bugzilla.suse.com/1118586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2018-19857"
},
{
"cve": "CVE-2019-12874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12874"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12874",
"url": "https://www.suse.com/security/cve/CVE-2019-12874"
},
{
"category": "external",
"summary": "SUSE Bug 1138933 for CVE-2019-12874",
"url": "https://bugzilla.suse.com/1138933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2019-12874"
},
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5439"
}
],
"notes": [
{
"category": "general",
"text": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5439",
"url": "https://www.suse.com/security/cve/CVE-2019-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1138354 for CVE-2019-5439",
"url": "https://bugzilla.suse.com/1138354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-5439"
},
{
"cve": "CVE-2019-5459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5459"
}
],
"notes": [
{
"category": "general",
"text": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5459",
"url": "https://www.suse.com/security/cve/CVE-2019-5459"
},
{
"category": "external",
"summary": "SUSE Bug 1143549 for CVE-2019-5459",
"url": "https://bugzilla.suse.com/1143549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-5459"
},
{
"cve": "CVE-2019-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5460"
}
],
"notes": [
{
"category": "general",
"text": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5460",
"url": "https://www.suse.com/security/cve/CVE-2019-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1143547 for CVE-2019-5460",
"url": "https://bugzilla.suse.com/1143547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:libvlc5-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:libvlccore9-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-devel-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-jack-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-lang-3.0.7.1-bp151.5.3.3.noarch",
"SUSE Package Hub 15 SP1:vlc-noX-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-qt-3.0.7.1-bp151.5.3.3.x86_64",
"SUSE Package Hub 15 SP1:vlc-vdpau-3.0.7.1-bp151.5.3.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T08:55:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-5460"
}
]
}
opensuse-su-2024:11502-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libvlc5-3.0.16-1.5 on GA media
Notes
Title of the patch
libvlc5-3.0.16-1.5 on GA media
Description of the patch
These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11502
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libvlc5-3.0.16-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11502",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11502-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10699 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9300 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19857 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14437 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14533 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14534 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14535 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14776 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14777 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14970 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13428 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26664 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26664/"
}
],
"title": "libvlc5-3.0.16-1.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11502-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.aarch64",
"product": {
"name": "libvlc5-3.0.16-1.5.aarch64",
"product_id": "libvlc5-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.aarch64",
"product": {
"name": "libvlccore9-3.0.16-1.5.aarch64",
"product_id": "libvlccore9-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-3.0.16-1.5.aarch64",
"product_id": "vlc-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-devel-3.0.16-1.5.aarch64",
"product_id": "vlc-devel-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-jack-3.0.16-1.5.aarch64",
"product_id": "vlc-jack-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-lang-3.0.16-1.5.aarch64",
"product_id": "vlc-lang-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-noX-3.0.16-1.5.aarch64",
"product_id": "vlc-noX-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-opencv-3.0.16-1.5.aarch64",
"product_id": "vlc-opencv-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-qt-3.0.16-1.5.aarch64",
"product_id": "vlc-qt-3.0.16-1.5.aarch64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.aarch64",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.aarch64",
"product_id": "vlc-vdpau-3.0.16-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.ppc64le",
"product": {
"name": "libvlc5-3.0.16-1.5.ppc64le",
"product_id": "libvlc5-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.ppc64le",
"product": {
"name": "libvlccore9-3.0.16-1.5.ppc64le",
"product_id": "libvlccore9-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-3.0.16-1.5.ppc64le",
"product_id": "vlc-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-devel-3.0.16-1.5.ppc64le",
"product_id": "vlc-devel-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-jack-3.0.16-1.5.ppc64le",
"product_id": "vlc-jack-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-lang-3.0.16-1.5.ppc64le",
"product_id": "vlc-lang-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-noX-3.0.16-1.5.ppc64le",
"product_id": "vlc-noX-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-opencv-3.0.16-1.5.ppc64le",
"product_id": "vlc-opencv-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-qt-3.0.16-1.5.ppc64le",
"product_id": "vlc-qt-3.0.16-1.5.ppc64le"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.ppc64le",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.ppc64le",
"product_id": "vlc-vdpau-3.0.16-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.s390x",
"product": {
"name": "libvlc5-3.0.16-1.5.s390x",
"product_id": "libvlc5-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.s390x",
"product": {
"name": "libvlccore9-3.0.16-1.5.s390x",
"product_id": "libvlccore9-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.s390x",
"product": {
"name": "vlc-3.0.16-1.5.s390x",
"product_id": "vlc-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.s390x",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.s390x",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.s390x",
"product": {
"name": "vlc-devel-3.0.16-1.5.s390x",
"product_id": "vlc-devel-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.s390x",
"product": {
"name": "vlc-jack-3.0.16-1.5.s390x",
"product_id": "vlc-jack-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.s390x",
"product": {
"name": "vlc-lang-3.0.16-1.5.s390x",
"product_id": "vlc-lang-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.s390x",
"product": {
"name": "vlc-noX-3.0.16-1.5.s390x",
"product_id": "vlc-noX-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.s390x",
"product": {
"name": "vlc-opencv-3.0.16-1.5.s390x",
"product_id": "vlc-opencv-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.s390x",
"product": {
"name": "vlc-qt-3.0.16-1.5.s390x",
"product_id": "vlc-qt-3.0.16-1.5.s390x"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.s390x",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.s390x",
"product_id": "vlc-vdpau-3.0.16-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.16-1.5.x86_64",
"product": {
"name": "libvlc5-3.0.16-1.5.x86_64",
"product_id": "libvlc5-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.16-1.5.x86_64",
"product": {
"name": "libvlccore9-3.0.16-1.5.x86_64",
"product_id": "libvlccore9-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-3.0.16-1.5.x86_64",
"product_id": "vlc-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-devel-3.0.16-1.5.x86_64",
"product_id": "vlc-devel-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-jack-3.0.16-1.5.x86_64",
"product_id": "vlc-jack-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-lang-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-lang-3.0.16-1.5.x86_64",
"product_id": "vlc-lang-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-noX-3.0.16-1.5.x86_64",
"product_id": "vlc-noX-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-opencv-3.0.16-1.5.x86_64",
"product_id": "vlc-opencv-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-qt-3.0.16-1.5.x86_64",
"product_id": "vlc-qt-3.0.16-1.5.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.16-1.5.x86_64",
"product": {
"name": "vlc-vdpau-3.0.16-1.5.x86_64",
"product_id": "vlc-vdpau-3.0.16-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64"
},
"product_reference": "libvlc5-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le"
},
"product_reference": "libvlc5-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x"
},
"product_reference": "libvlc5-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64"
},
"product_reference": "libvlc5-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64"
},
"product_reference": "libvlccore9-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le"
},
"product_reference": "libvlccore9-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x"
},
"product_reference": "libvlccore9-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64"
},
"product_reference": "libvlccore9-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x"
},
"product_reference": "vlc-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-devel-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-devel-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x"
},
"product_reference": "vlc-devel-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-devel-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-jack-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-jack-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x"
},
"product_reference": "vlc-jack-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-jack-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-lang-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-lang-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x"
},
"product_reference": "vlc-lang-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-lang-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-noX-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-noX-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x"
},
"product_reference": "vlc-noX-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-noX-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-opencv-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-opencv-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x"
},
"product_reference": "vlc-opencv-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-opencv-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-qt-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-qt-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x"
},
"product_reference": "vlc-qt-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-qt-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
},
"product_reference": "vlc-vdpau-3.0.16-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10699"
}
],
"notes": [
{
"category": "general",
"text": "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10699",
"url": "https://www.suse.com/security/cve/CVE-2017-10699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-10699"
},
{
"cve": "CVE-2017-9300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9300"
}
],
"notes": [
{
"category": "general",
"text": "plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9300",
"url": "https://www.suse.com/security/cve/CVE-2017-9300"
},
{
"category": "external",
"summary": "SUSE Bug 1041907 for CVE-2017-9300",
"url": "https://bugzilla.suse.com/1041907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-9300"
},
{
"cve": "CVE-2018-19857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19857"
}
],
"notes": [
{
"category": "general",
"text": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19857",
"url": "https://www.suse.com/security/cve/CVE-2018-19857"
},
{
"category": "external",
"summary": "SUSE Bug 1118586 for CVE-2018-19857",
"url": "https://bugzilla.suse.com/1118586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-19857"
},
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-14437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14437"
}
],
"notes": [
{
"category": "general",
"text": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14437",
"url": "https://www.suse.com/security/cve/CVE-2019-14437"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14437",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14437"
},
{
"cve": "CVE-2019-14498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14498"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14498",
"url": "https://www.suse.com/security/cve/CVE-2019-14498"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14498",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14498"
},
{
"cve": "CVE-2019-14533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14533"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14533",
"url": "https://www.suse.com/security/cve/CVE-2019-14533"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14533",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14533"
},
{
"cve": "CVE-2019-14534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14534"
}
],
"notes": [
{
"category": "general",
"text": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14534",
"url": "https://www.suse.com/security/cve/CVE-2019-14534"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14534",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14534"
},
{
"cve": "CVE-2019-14535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14535"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14535",
"url": "https://www.suse.com/security/cve/CVE-2019-14535"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14535",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14535"
},
{
"cve": "CVE-2019-14776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14776"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14776",
"url": "https://www.suse.com/security/cve/CVE-2019-14776"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14776",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14776"
},
{
"cve": "CVE-2019-14777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14777"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14777",
"url": "https://www.suse.com/security/cve/CVE-2019-14777"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14777",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14777"
},
{
"cve": "CVE-2019-14970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14970"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14970",
"url": "https://www.suse.com/security/cve/CVE-2019-14970"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14970",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14970"
},
{
"cve": "CVE-2019-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5439"
}
],
"notes": [
{
"category": "general",
"text": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5439",
"url": "https://www.suse.com/security/cve/CVE-2019-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1138354 for CVE-2019-5439",
"url": "https://bugzilla.suse.com/1138354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5439"
},
{
"cve": "CVE-2019-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5460"
}
],
"notes": [
{
"category": "general",
"text": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5460",
"url": "https://www.suse.com/security/cve/CVE-2019-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1143547 for CVE-2019-5460",
"url": "https://bugzilla.suse.com/1143547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5460"
},
{
"cve": "CVE-2020-13428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13428"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13428",
"url": "https://www.suse.com/security/cve/CVE-2020-13428"
},
{
"category": "external",
"summary": "SUSE Bug 1172727 for CVE-2020-13428",
"url": "https://bugzilla.suse.com/1172727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-13428"
},
{
"cve": "CVE-2020-26664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26664"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26664",
"url": "https://www.suse.com/security/cve/CVE-2020-26664"
},
{
"category": "external",
"summary": "SUSE Bug 1180755 for CVE-2020-26664",
"url": "https://bugzilla.suse.com/1180755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x",
"openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-26664"
}
]
}
opensuse-su-2019:1840-1
Vulnerability from csaf_opensuse
Published
2019-08-08 15:58
Modified
2019-08-08 15:58
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc to version 3.0.7.1 fixes the following issues:
Security issues fixed:
- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).
Non-security issues fixed:
- Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support
- Access:
* Improve Blu-ray support
- Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled
- Updated translations.
Patchnames
openSUSE-2019-1840
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc to version 3.0.7.1 fixes the following issues:\n\nSecurity issues fixed:\n\t \n- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).\n- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).\n- CVE-2019-5460: Fixed a double free (bsc#1143547).\n- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).\n- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).\n- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).\n\nNon-security issues fixed:\n\n- Video Output:\n * Fix hardware acceleration with some AMD drivers\n * Improve direct3d11 HDR support\n- Access:\n * Improve Blu-ray support\n- Audio output:\n * Fix pass-through on Android-23\n * Fix DirectSound drain\n- Demux: Improve MP4 support\n- Video Output:\n * Fix 12 bits sources playback with Direct3D11\n * Fix crash on iOS\n * Fix midstream aspect-ratio changes when Windows hardware decoding is on\n * Fix HLG display with Direct3D11\n- Stream Output: Improve Chromecast support with new ChromeCast apps\n- Misc:\n * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts\n * Work around busy looping when playing an invalid item with loop enabled\n- Updated translations.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1840",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1840-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1840-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC/#5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1840-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC/#5PABXAYOSN5GAIPFDYI7SHBOU4CHBWYC"
},
{
"category": "self",
"summary": "SUSE Bug 1118586",
"url": "https://bugzilla.suse.com/1118586"
},
{
"category": "self",
"summary": "SUSE Bug 1138354",
"url": "https://bugzilla.suse.com/1138354"
},
{
"category": "self",
"summary": "SUSE Bug 1138933",
"url": "https://bugzilla.suse.com/1138933"
},
{
"category": "self",
"summary": "SUSE Bug 1141522",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1143547",
"url": "https://bugzilla.suse.com/1143547"
},
{
"category": "self",
"summary": "SUSE Bug 1143549",
"url": "https://bugzilla.suse.com/1143549"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19857 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5459 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5460/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2019-08-08T15:58:05Z",
"generator": {
"date": "2019-08-08T15:58:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1840-1",
"initial_release_date": "2019-08-08T15:58:05Z",
"revision_history": [
{
"date": "2019-08-08T15:58:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"product": {
"name": "vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"product_id": "vlc-lang-3.0.7.1-lp151.6.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "libvlc5-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "libvlccore9-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-devel-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-jack-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-noX-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-qt-3.0.7.1-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64",
"product": {
"name": "vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64",
"product_id": "vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.7.1-lp151.6.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch"
},
"product_reference": "vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
},
"product_reference": "vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19857"
}
],
"notes": [
{
"category": "general",
"text": "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19857",
"url": "https://www.suse.com/security/cve/CVE-2018-19857"
},
{
"category": "external",
"summary": "SUSE Bug 1118586 for CVE-2018-19857",
"url": "https://bugzilla.suse.com/1118586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "moderate"
}
],
"title": "CVE-2018-19857"
},
{
"cve": "CVE-2019-12874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12874"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12874",
"url": "https://www.suse.com/security/cve/CVE-2019-12874"
},
{
"category": "external",
"summary": "SUSE Bug 1138933 for CVE-2019-12874",
"url": "https://bugzilla.suse.com/1138933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "important"
}
],
"title": "CVE-2019-12874"
},
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-5439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5439"
}
],
"notes": [
{
"category": "general",
"text": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5439",
"url": "https://www.suse.com/security/cve/CVE-2019-5439"
},
{
"category": "external",
"summary": "SUSE Bug 1138354 for CVE-2019-5439",
"url": "https://bugzilla.suse.com/1138354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-5439"
},
{
"cve": "CVE-2019-5459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5459"
}
],
"notes": [
{
"category": "general",
"text": "An Integer underflow in VLC Media Player versions \u003c 3.0.7 leads to an out-of-band read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5459",
"url": "https://www.suse.com/security/cve/CVE-2019-5459"
},
{
"category": "external",
"summary": "SUSE Bug 1143549 for CVE-2019-5459",
"url": "https://bugzilla.suse.com/1143549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-5459"
},
{
"cve": "CVE-2019-5460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5460"
}
],
"notes": [
{
"category": "general",
"text": "Double Free in VLC versions \u003c= 3.0.6 leads to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5460",
"url": "https://www.suse.com/security/cve/CVE-2019-5460"
},
{
"category": "external",
"summary": "SUSE Bug 1143547 for CVE-2019-5460",
"url": "https://bugzilla.suse.com/1143547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.7.1-lp151.6.3.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.7.1-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.7.1-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-08T15:58:05Z",
"details": "moderate"
}
],
"title": "CVE-2019-5460"
}
]
}
gsd-2019-5439
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-5439",
"description": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"id": "GSD-2019-5439",
"references": [
"https://www.suse.com/security/cve/CVE-2019-5439.html",
"https://ubuntu.com/security/CVE-2019-5439",
"https://security.archlinux.org/CVE-2019-5439"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-5439"
],
"details": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"id": "GSD-2019-5439",
"modified": "2023-12-13T01:23:56.327057Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-5439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VLC Media Player",
"version": {
"version_data": [
{
"version_value": "Fixed in 3.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Classic Buffer Overflow (CWE-120)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/484398",
"refsource": "MISC",
"url": "https://hackerone.com/reports/484398"
},
{
"name": "108769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108769"
},
{
"name": "USN-4074-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4074-1/"
},
{
"name": "openSUSE-SU-2019:1840",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"name": "openSUSE-SU-2019:1909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"name": "GLSA-201908-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"name": "openSUSE-SU-2019:2015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2019-5439"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/484398",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/484398"
},
{
"name": "108769",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/108769"
},
{
"name": "USN-4074-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4074-1/"
},
{
"name": "openSUSE-SU-2019:1840",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"name": "openSUSE-SU-2019:1909",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1897",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"name": "GLSA-201908-23",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"name": "openSUSE-SU-2019:2015",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-06-17T08:29Z",
"publishedDate": "2019-06-13T16:29Z"
}
}
}
fkie_cve-2019-5439
Vulnerability from fkie_nvd
Published
2019-06-13 16:29
Modified
2024-11-21 04:44
Severity ?
Summary
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | ||
| support@hackerone.com | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | ||
| support@hackerone.com | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | ||
| support@hackerone.com | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | ||
| support@hackerone.com | http://www.securityfocus.com/bid/108769 | ||
| support@hackerone.com | https://hackerone.com/reports/484398 | Third Party Advisory | |
| support@hackerone.com | https://security.gentoo.org/glsa/201908-23 | ||
| support@hackerone.com | https://usn.ubuntu.com/4074-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108769 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/484398 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201908-23 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4074-1/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| videolan | vlc_media_player | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "288A8608-A671-415D-9BEC-C85098C8C51B",
"versionEndExcluding": "3.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit."
},
{
"lang": "es",
"value": "Una desbordamiento en el buffer en VLC Media Player Player \u003c 3.0.7 causa un bloqueo el cual, puede ser posiblemente m\u00e1s desarrollado hacia una explotaci\u00f3n en la ejecuci\u00f3n del c\u00f3digo remoto"
}
],
"id": "CVE-2019-5439",
"lastModified": "2024-11-21T04:44:56.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-13T16:29:01.733",
"references": [
{
"source": "support@hackerone.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"source": "support@hackerone.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"source": "support@hackerone.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"source": "support@hackerone.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
},
{
"source": "support@hackerone.com",
"url": "http://www.securityfocus.com/bid/108769"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/484398"
},
{
"source": "support@hackerone.com",
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"source": "support@hackerone.com",
"url": "https://usn.ubuntu.com/4074-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/108769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/484398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4074-1/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-r9hw-7j54-8fpw
Vulnerability from github
Published
2022-05-24 16:48
Modified
2024-04-04 00:57
Severity ?
VLAI Severity ?
Details
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
{
"affected": [],
"aliases": [
"CVE-2019-5439"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-13T16:29:00Z",
"severity": "MODERATE"
},
"details": "A Buffer Overflow in VLC Media Player \u003c 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.",
"id": "GHSA-r9hw-7j54-8fpw",
"modified": "2024-04-04T00:57:21Z",
"published": "2022-05-24T16:48:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5439"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/484398"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-23"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4074-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108769"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…