csaf_opensuse - opensuse-su-2020:0562-1

opensuse-su-2020:0562-1

Vulnerability from csaf_opensuse

Published

2020-04-29 06:03

Modified

2020-04-29 06:03

Summary

Security update for vlc

Notes

Title of the patch

Security update for vlc

Description of the patch

This update for vlc fixes the following issues: vlc was updated to version 3.0.9.2: + Misc: Properly bump the version in configure.ac. Changes from version 3.0.9.1: + Misc: Fix VLSub returning 401 for earch request. Changes from version 3.0.9: + Core: Work around busy looping when playing an invalid item through VLM. + Access: * Multiple dvdread and dvdnav crashs fixes * Fixed DVD glitches on clip change * Fixed dvdread commands/data sequence inversion in some cases causing unwanted glitches * Better handling of authored as corrupted DVD * Added libsmb2 support for SMB2/3 shares + Demux: * Fix TTML entities not passed to decoder * Fixed some WebVTT styling tags being not applied * Misc raw H264/HEVC frame rate fixes * Fix adaptive regression on TS format change (mostly HLS) * Fixed MP4 regression with twos/sowt PCM audio * Fixed some MP4 raw quicktime and ms-PCM audio * Fixed MP4 interlacing handling * Multiple adaptive stack (DASH/HLS/Smooth) fixes * Enabled Live seeking for HLS * Fixed seeking in some cases for HLS * Improved Live playback for Smooth and DASH * Fixed adaptive unwanted end of stream in some cases * Faster adaptive start and new buffering control options + Packetizers: * Fixes H264/HEVC incomplete draining in some cases * packetizer_helper: Fix potential trailing junk on last packet * Added missing drain in packetizers that was causing missing last frame or audio * Improved check to prevent fLAC synchronization drops + Decoder: * avcodec: revector video decoder to fix incomplete drain * spudec: implemented palette updates, fixing missing subtitles on some DVD * Fixed WebVTT CSS styling not being applied on Windows/macOS * Fixed Hebrew teletext pages support in zvbi * Fixed Dav1d aborting decoding on corrupted picture * Extract and display of all CEA708 subtitles * Update libfaad to 2.9.1 * Add DXVA support for VP9 Profile 2 (10 bits) * Mediacodec aspect ratio with Amazon devices + Audio output: * Added support for iOS audiounit audio above 48KHz * Added support for amem audio up to 384KHz + Video output: * Fix for opengl glitches in some drivers * Fix GMA950 opengl support on macOS * YUV to RGB StretchRect fixes with NVIDIA drivers * Use libpacebo new tone mapping desaturation algorithm + Text renderer: * Fix crashes on macOS with SSA/ASS subtitles containing emoji * Fixed unwanted growing background in Freetype rendering and Y padding + Mux: Fixed some YUV mappings + Service Discovery: Update libmicrodns to 0.1.2. + Misc: * Update YouTube, SoundCloud and Vocaroo scripts: this restores playback of YouTube URLs. * Add missing .wpl & .zpl file associations on Windows * Improved chromecast audio quality Update to version 3.0.8 'vetinari': + Fix stuttering for low framerate videos + Improve adaptive streaming + Improve audio output for external audio devices on macOS/iOS + Fix hardware acceleration with Direct3D11 for some AMD drivers + Fix WebVTT subtitles rendering + Vetinari is a major release changing a lot in the media engine of VLC. It is one of the largest release we've ever done. Notably, it: - activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits, allowing 4K60 or even 8K decoding with little CPU consumption, - merges all the code from the mobile ports into the same codebase with common numbering and releases, - supports 360 video and 3D audio, and prepares for VR content, - supports direct HDR and HDR tone-mapping, - updates the audio passthrough for HD Audio codecs, - allows browsing of local network drives like SMB, FTP, SFTP, NFS... - stores the passwords securely, - brings a new subtitle rendering engine, supporting ComplexTextLayout and font fallback to support multiple languages and fonts, - supports ChromeCast with the new renderer framework, - adds support for numerous new formats and codecs, including WebVTT, AV1, TTML, HQX, 708, Cineform, and many more, - improves Bluray support with Java menus, aka BD-J, - updates the macOS interface with major cleaning and improvements, - support HiDPI UI on Windows, with the switch to Qt5, - prepares the experimental support for Wayland on Linux, and switches to OpenGL by default on Linux. + Security fixes included: * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) * Fix a read buffer overflow in the FAAD decoder * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) * Fix a use after free in the ASF demuxer (CVE-2019-14533) * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) * Fix a null dereference in the dvdnav demuxer * Fix a null dereference in the ASF demuxer (CVE-2019-14534) * Fix a null dereference in the AVI demuxer * Fix a division by zero in the CAF demuxer (CVE-2019-14498) * Fix a division by zero in the ASF demuxer (CVE-2019-14535) - Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available. - Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some image loading libraries (libpng, libjpeg, ...) which are either wrapped by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so). This update was imported from the openSUSE:Leap:15.1:Update update project.

Patchnames

openSUSE-2020-562

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for vlc",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for vlc fixes the following issues:\n\nvlc was updated to version 3.0.9.2:\n\n+ Misc: Properly bump the version in configure.ac.\n\nChanges from version 3.0.9.1:\n\n+ Misc: Fix VLSub returning 401 for earch request.\n\nChanges from version 3.0.9:\n\n+ Core: Work around busy looping when playing an invalid item\n  through VLM.\n+ Access:\n  * Multiple dvdread and dvdnav crashs fixes\n  * Fixed DVD glitches on clip change\n  * Fixed dvdread commands/data sequence inversion in some cases causing\n    unwanted glitches\n  * Better handling of authored as corrupted DVD\n  * Added libsmb2 support for SMB2/3 shares\n+ Demux:\n  * Fix TTML entities not passed to decoder\n  * Fixed some WebVTT styling tags being not applied\n  * Misc raw H264/HEVC frame rate fixes\n  * Fix adaptive regression on TS format change (mostly HLS)\n  * Fixed MP4 regression with twos/sowt PCM audio\n  * Fixed some MP4 raw quicktime and ms-PCM audio\n  * Fixed MP4 interlacing handling\n  * Multiple adaptive stack (DASH/HLS/Smooth) fixes\n  * Enabled Live seeking for HLS\n  * Fixed seeking in some cases for HLS\n  * Improved Live playback for Smooth and DASH\n  * Fixed adaptive unwanted end of stream in some cases\n  * Faster adaptive start and new buffering control options\n+ Packetizers:\n  * Fixes H264/HEVC incomplete draining in some cases\n  * packetizer_helper: Fix potential trailing junk on last packet\n  * Added missing drain in packetizers that was causing missing\n    last frame or audio\n  * Improved check to prevent fLAC synchronization drops\n+ Decoder:\n  * avcodec: revector video decoder to fix incomplete drain\n  * spudec: implemented palette updates, fixing missing subtitles\n    on some DVD\n  * Fixed WebVTT CSS styling not being applied on Windows/macOS\n  * Fixed Hebrew teletext pages support in zvbi\n  * Fixed Dav1d aborting decoding on corrupted picture\n  * Extract and display of all CEA708 subtitles\n  * Update libfaad to 2.9.1\n  * Add DXVA support for VP9 Profile 2 (10 bits)\n  * Mediacodec aspect ratio with Amazon devices\n+ Audio output:\n  * Added support for iOS audiounit audio above 48KHz\n  * Added support for amem audio up to 384KHz\n+ Video output:\n  * Fix for opengl glitches in some drivers\n  * Fix GMA950 opengl support on macOS\n  * YUV to RGB StretchRect fixes with NVIDIA drivers\n  * Use libpacebo new tone mapping desaturation algorithm\n+ Text renderer:\n  * Fix crashes on macOS with SSA/ASS subtitles containing emoji\n  * Fixed unwanted growing background in Freetype rendering and Y padding\n+ Mux: Fixed some YUV mappings\n+ Service Discovery: Update libmicrodns to 0.1.2.\n+ Misc:\n  * Update YouTube, SoundCloud and Vocaroo scripts: this restores\n    playback of YouTube URLs.\n  * Add missing .wpl \u0026 .zpl file associations on Windows\n  * Improved chromecast audio quality\n\nUpdate to version 3.0.8 \u0027vetinari\u0027:\n\n+ Fix stuttering for low framerate videos\n+ Improve adaptive streaming\n+ Improve audio output for external audio devices on macOS/iOS\n+ Fix hardware acceleration with Direct3D11 for some AMD drivers\n+ Fix WebVTT subtitles rendering\n+ Vetinari is a major release changing a lot in the media engine of VLC.\n  It is one of the largest release we\u0027ve ever done.\n  Notably, it:\n   - activates hardware decoding on all platforms, of H.264 \u0026 H.265, 8 \u0026 10bits,\n     allowing 4K60 or even 8K decoding with little CPU consumption,\n   - merges all the code from the mobile ports into the same codebase with\n     common numbering and releases,\n   - supports 360 video and 3D audio, and prepares for VR content,\n   - supports direct HDR and HDR tone-mapping,\n   - updates the audio passthrough for HD Audio codecs,\n   - allows browsing of local network drives like SMB, FTP, SFTP, NFS...\n   - stores the passwords securely,\n   - brings a new subtitle rendering engine, supporting ComplexTextLayout\n     and font fallback to support multiple languages and fonts,\n   - supports ChromeCast with the new renderer framework,\n   - adds support for numerous new formats and codecs, including WebVTT,\n     AV1, TTML, HQX, 708, Cineform, and many more,\n   - improves Bluray support with Java menus, aka BD-J,\n   - updates the macOS interface with major cleaning and improvements,\n   - support HiDPI UI on Windows, with the switch to Qt5,\n   - prepares the experimental support for Wayland on Linux, and\n     switches to OpenGL by default on Linux.\n+ Security fixes included:\n  * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)\n  * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)\n  * Fix a read buffer overflow in the FAAD decoder\n  * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)\n  * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)\n  * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)\n  * Fix a use after free in the ASF demuxer (CVE-2019-14533)\n  * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)\n  * Fix a null dereference in the dvdnav demuxer\n  * Fix a null dereference in the ASF demuxer (CVE-2019-14534)\n  * Fix a null dereference in the AVI demuxer\n  * Fix a division by zero in the CAF demuxer (CVE-2019-14498)\n  * Fix a division by zero in the ASF demuxer (CVE-2019-14535)\n- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.\n\n- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some\n  image loading libraries (libpng, libjpeg, ...) which are either wrapped\n  by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-562",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0562-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0562-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONU7H5UORTQ2UM2HDIPLR7AOGTPENU4H/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0562-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONU7H5UORTQ2UM2HDIPLR7AOGTPENU4H/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1142161",
        "url": "https://bugzilla.suse.com/1142161"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1146428",
        "url": "https://bugzilla.suse.com/1146428"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13602 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13602/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13962 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13962/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14437 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14437/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14438 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14438/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14498 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14498/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14533 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14534 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14534/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14535 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14535/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14776 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14776/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14777 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14777/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14778 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14778/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14970 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14970/"
      }
    ],
    "title": "Security update for vlc",
    "tracking": {
      "current_release_date": "2020-04-29T06:03:33Z",
      "generator": {
        "date": "2020-04-29T06:03:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0562-1",
      "initial_release_date": "2020-04-29T06:03:33Z",
      "revision_history": [
        {
          "date": "2020-04-29T06:03:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
                "product": {
                  "name": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
                  "product_id": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64",
                "product": {
                  "name": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64",
                  "product_id": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP1",
                "product": {
                  "name": "SUSE Package Hub 15 SP1",
                  "product_id": "SUSE Package Hub 15 SP1"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch"
        },
        "product_reference": "vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64 as component of SUSE Package Hub 15 SP1",
          "product_id": "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        },
        "product_reference": "vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13602",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13602"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13602",
          "url": "https://www.suse.com/security/cve/CVE-2019-13602"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141522 for CVE-2019-13602",
          "url": "https://bugzilla.suse.com/1141522"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-13602",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-13602"
    },
    {
      "cve": "CVE-2019-13962",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13962"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13962",
          "url": "https://www.suse.com/security/cve/CVE-2019-13962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142161 for CVE-2019-13962",
          "url": "https://bugzilla.suse.com/1142161"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-13962",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-13962"
    },
    {
      "cve": "CVE-2019-14437",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14437"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14437",
          "url": "https://www.suse.com/security/cve/CVE-2019-14437"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14437",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14437"
    },
    {
      "cve": "CVE-2019-14438",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14438"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14438",
          "url": "https://www.suse.com/security/cve/CVE-2019-14438"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14438",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14438"
    },
    {
      "cve": "CVE-2019-14498",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14498"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14498",
          "url": "https://www.suse.com/security/cve/CVE-2019-14498"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14498",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14498"
    },
    {
      "cve": "CVE-2019-14533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14533",
          "url": "https://www.suse.com/security/cve/CVE-2019-14533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14533",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14533"
    },
    {
      "cve": "CVE-2019-14534",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14534"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14534",
          "url": "https://www.suse.com/security/cve/CVE-2019-14534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14534",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14534"
    },
    {
      "cve": "CVE-2019-14535",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14535"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14535",
          "url": "https://www.suse.com/security/cve/CVE-2019-14535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14535",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14535"
    },
    {
      "cve": "CVE-2019-14776",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14776"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14776",
          "url": "https://www.suse.com/security/cve/CVE-2019-14776"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14776",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14776"
    },
    {
      "cve": "CVE-2019-14777",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14777"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14777",
          "url": "https://www.suse.com/security/cve/CVE-2019-14777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14777",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14777"
    },
    {
      "cve": "CVE-2019-14778",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14778"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14778",
          "url": "https://www.suse.com/security/cve/CVE-2019-14778"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14778",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14778"
    },
    {
      "cve": "CVE-2019-14970",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14970"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
          "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
          "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14970",
          "url": "https://www.suse.com/security/cve/CVE-2019-14970"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146428 for CVE-2019-14970",
          "url": "https://bugzilla.suse.com/1146428"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 15 SP1:libvlc5-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:libvlccore9-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-devel-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-jack-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-lang-3.0.9.2-bp151.5.6.1.noarch",
            "SUSE Package Hub 15 SP1:vlc-noX-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-opencv-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-qt-3.0.9.2-bp151.5.6.1.x86_64",
            "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.9.2-bp151.5.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-04-29T06:03:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14970"
    }
  ]
}

CVE-2019-14778 (GCVE-0-2019-14778)

Vulnerability from cvelistv5

Published

2019-08-29 18:47

Modified

2024-08-05 00:26

Severity ?

CWE

Summary

The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:38.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14778",
    "datePublished": "2019-08-29T18:47:41",
    "dateReserved": "2019-08-08T00:00:00",
    "dateUpdated": "2024-08-05T00:26:38.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14534 (GCVE-0-2019-14534)

Vulnerability from cvelistv5

Published

2019-08-29 18:41

Modified

2024-08-05 00:19

Severity ?

CWE

Summary

In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14534",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14534",
    "datePublished": "2019-08-29T18:41:33",
    "dateReserved": "2019-08-02T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14438 (GCVE-0-2019-14438)

Vulnerability from cvelistv5

Published

2019-08-29 17:33

Modified

2024-08-05 00:19

Severity ?

CWE

Summary

A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14438",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14438",
    "datePublished": "2019-08-29T17:33:21",
    "dateReserved": "2019-07-29T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14970 (GCVE-0-2019-14970)

Vulnerability from cvelistv5

Published

2019-08-29 18:55

Modified

2024-08-05 00:34

Severity ?

CWE

Summary

A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:52.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14970",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14970",
    "datePublished": "2019-08-29T18:55:11",
    "dateReserved": "2019-08-12T00:00:00",
    "dateUpdated": "2024-08-05T00:34:52.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13962 (GCVE-0-2019-13962)

Vulnerability from cvelistv5

Published

2019-07-18 19:58

Modified

2024-08-05 00:05

Severity ?

CWE

Summary

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509	x_refsource_MISC
	https://trac.videolan.org/vlc/ticket/22240	x_refsource_MISC
	http://www.securityfocus.com/bid/109306	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:43.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://trac.videolan.org/vlc/ticket/22240"
          },
          {
            "name": "109306",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109306"
          },
          {
            "name": "openSUSE-SU-2019:1840",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
          },
          {
            "name": "openSUSE-SU-2019:1909",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
          },
          {
            "name": "openSUSE-SU-2019:1897",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "name": "openSUSE-SU-2019:2015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://trac.videolan.org/vlc/ticket/22240"
        },
        {
          "name": "109306",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109306"
        },
        {
          "name": "openSUSE-SU-2019:1840",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
        },
        {
          "name": "openSUSE-SU-2019:1909",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
        },
        {
          "name": "openSUSE-SU-2019:1897",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "name": "openSUSE-SU-2019:2015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509",
              "refsource": "MISC",
              "url": "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509"
            },
            {
              "name": "https://trac.videolan.org/vlc/ticket/22240",
              "refsource": "MISC",
              "url": "https://trac.videolan.org/vlc/ticket/22240"
            },
            {
              "name": "109306",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109306"
            },
            {
              "name": "openSUSE-SU-2019:1840",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
            },
            {
              "name": "openSUSE-SU-2019:1909",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
            },
            {
              "name": "openSUSE-SU-2019:1897",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "openSUSE-SU-2019:2015",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13962",
    "datePublished": "2019-07-18T19:58:30",
    "dateReserved": "2019-07-18T00:00:00",
    "dateUpdated": "2024-08-05T00:05:43.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14535 (GCVE-0-2019-14535)

Vulnerability from cvelistv5

Published

2019-08-29 17:38

Modified

2024-08-05 00:19

Severity ?

CWE

Summary

A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14535",
    "datePublished": "2019-08-29T17:38:30",
    "dateReserved": "2019-08-02T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14776 (GCVE-0-2019-14776)

Vulnerability from cvelistv5

Published

2019-08-29 18:45

Modified

2024-08-05 00:26

Severity ?

CWE

Summary

A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:38.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14776",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14776",
    "datePublished": "2019-08-29T18:45:48",
    "dateReserved": "2019-08-08T00:00:00",
    "dateUpdated": "2024-08-05T00:26:38.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14533 (GCVE-0-2019-14533)

Vulnerability from cvelistv5

Published

2019-08-29 18:43

Modified

2024-08-05 00:19

Severity ?

CWE

Summary

The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14533",
    "datePublished": "2019-08-29T18:43:45",
    "dateReserved": "2019-08-02T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14437 (GCVE-0-2019-14437)

Vulnerability from cvelistv5

Published

2019-08-29 17:30

Modified

2024-08-05 00:19

Severity ?

CWE

Summary

The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs%2Fheads%2Fmaster&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs%2Fheads%2Fmaster\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14437",
    "datePublished": "2019-08-29T17:30:37",
    "dateReserved": "2019-07-29T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13602 (GCVE-0-2019-13602)

Vulnerability from cvelistv5

Published

2019-07-14 21:00

Modified

2024-08-04 23:57

Severity ?

CWE

Summary

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.

References

►

URL

Tags

	https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491	x_refsource_MISC
	https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938	x_refsource_MISC
	http://www.securityfocus.com/bid/109158	vdb-entry, x_refsource_BID
	https://usn.ubuntu.com/4074-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html	vendor-advisory, x_refsource_SUSE
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html	vendor-advisory, x_refsource_SUSE
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938"
          },
          {
            "name": "109158",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109158"
          },
          {
            "name": "USN-4074-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4074-1/"
          },
          {
            "name": "openSUSE-SU-2019:1840",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
          },
          {
            "name": "openSUSE-SU-2019:1909",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
          },
          {
            "name": "openSUSE-SU-2019:1897",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "name": "openSUSE-SU-2019:2015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938"
        },
        {
          "name": "109158",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109158"
        },
        {
          "name": "USN-4074-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4074-1/"
        },
        {
          "name": "openSUSE-SU-2019:1840",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
        },
        {
          "name": "openSUSE-SU-2019:1909",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
        },
        {
          "name": "openSUSE-SU-2019:1897",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "name": "openSUSE-SU-2019:2015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491",
              "refsource": "MISC",
              "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491"
            },
            {
              "name": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938",
              "refsource": "MISC",
              "url": "https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938"
            },
            {
              "name": "109158",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109158"
            },
            {
              "name": "USN-4074-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4074-1/"
            },
            {
              "name": "openSUSE-SU-2019:1840",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html"
            },
            {
              "name": "openSUSE-SU-2019:1909",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html"
            },
            {
              "name": "openSUSE-SU-2019:1897",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "openSUSE-SU-2019:2015",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13602",
    "datePublished": "2019-07-14T21:00:27",
    "dateReserved": "2019-07-14T00:00:00",
    "dateUpdated": "2024-08-04T23:57:39.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14777 (GCVE-0-2019-14777)

Vulnerability from cvelistv5

Published

2019-08-29 18:53

Modified

2024-08-05 00:26

Severity ?

CWE

Summary

The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14777",
    "datePublished": "2019-08-29T18:53:08",
    "dateReserved": "2019-08-08T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14498 (GCVE-0-2019-14498)

Vulnerability from cvelistv5

Published

2019-08-29 17:35

Modified

2024-08-05 00:19

Severity ?

CWE

Summary

A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.

References

►

URL

Tags

	http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/master&st=commit&s=cve-2019	x_refsource_CONFIRM
	https://www.debian.org/security/2019/dsa-4504	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Aug/36	mailing-list, x_refsource_BUGTRAQ
	https://www.videolan.org/security/sb-vlc308.html	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201909-02	vendor-advisory, x_refsource_GENTOO
	https://usn.ubuntu.com/4131-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.193Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
          },
          {
            "name": "DSA-4504",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4504"
          },
          {
            "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.videolan.org/security/sb-vlc308.html"
          },
          {
            "name": "GLSA-201909-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-02"
          },
          {
            "name": "USN-4131-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4131-1/"
          },
          {
            "name": "openSUSE-SU-2020:0545",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2020:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T11:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
        },
        {
          "name": "DSA-4504",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4504"
        },
        {
          "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.videolan.org/security/sb-vlc308.html"
        },
        {
          "name": "GLSA-201909-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201909-02"
        },
        {
          "name": "USN-4131-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4131-1/"
        },
        {
          "name": "openSUSE-SU-2020:0545",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2020:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14498",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019",
              "refsource": "CONFIRM",
              "url": "http://git.videolan.org/?p=vlc.git\u0026a=search\u0026h=refs/heads/master\u0026st=commit\u0026s=cve-2019"
            },
            {
              "name": "DSA-4504",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4504"
            },
            {
              "name": "20190821 [SECURITY] [DSA 4504-1] vlc security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/36"
            },
            {
              "name": "https://www.videolan.org/security/sb-vlc308.html",
              "refsource": "CONFIRM",
              "url": "https://www.videolan.org/security/sb-vlc308.html"
            },
            {
              "name": "GLSA-201909-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201909-02"
            },
            {
              "name": "USN-4131-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4131-1/"
            },
            {
              "name": "openSUSE-SU-2020:0545",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2020:0562",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14498",
    "datePublished": "2019-08-29T17:35:50",
    "dateReserved": "2019-08-01T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2020:0562-1

Vulnerability from csaf_opensuse

CVE-2019-14778 (GCVE-0-2019-14778)

Vulnerability from cvelistv5

CVE-2019-14534 (GCVE-0-2019-14534)

Vulnerability from cvelistv5

CVE-2019-14438 (GCVE-0-2019-14438)

Vulnerability from cvelistv5

CVE-2019-14970 (GCVE-0-2019-14970)

Vulnerability from cvelistv5

CVE-2019-13962 (GCVE-0-2019-13962)

Vulnerability from cvelistv5

CVE-2019-14535 (GCVE-0-2019-14535)

Vulnerability from cvelistv5

CVE-2019-14776 (GCVE-0-2019-14776)

Vulnerability from cvelistv5

CVE-2019-14533 (GCVE-0-2019-14533)

Vulnerability from cvelistv5

CVE-2019-14437 (GCVE-0-2019-14437)

Vulnerability from cvelistv5

CVE-2019-13602 (GCVE-0-2019-13602)

Vulnerability from cvelistv5

CVE-2019-14777 (GCVE-0-2019-14777)

Vulnerability from cvelistv5

CVE-2019-14498 (GCVE-0-2019-14498)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature