First published: Thu Jul 18 2019
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Videolan Vlc Media Player | <=3.0.7 | |
openSUSE Backports SLE | =15.0 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
ubuntu/vlc | <3.0.8-0ubuntu18.04.1 | 3.0.8-0ubuntu18.04.1 |
ubuntu/vlc | <3.0.8-0ubuntu19.04.1 | 3.0.8-0ubuntu19.04.1 |
ubuntu/vlc | <3.0.8 | 3.0.8 |
debian/vlc | 3.0.17.4-0+deb10u1 3.0.20-0+deb10u1 3.0.20-0+deb11u1 3.0.20-0+deb12u1 3.0.20-1 |
CVE-2019-13962 is a vulnerability in the VideoLAN VLC media player that allows for a heap-based buffer over-read.
CVE-2019-13962 has a severity rating of 9.8, which is considered critical.
The affected software for CVE-2019-13962 includes VideoLAN VLC media player versions up to 3.0.7.
You can fix CVE-2019-13962 by updating to VLC media player version 3.0.8 or later.
You can find more information about CVE-2019-13962 in the references provided.