Lucene search

[email protected]CVE-2019-13962

HistoryJul 18, 2019 - 8:15 p.m.

CVE-2019-13962

2019-07-1820:15:12

CWE-125

[email protected]

web.nvd.nist.gov

198

cve-2019-13962

videolan

vlc media player

heap-based buffer over-read

nvd

security vulnerability

avcodec

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Affected configurations

NVD

Node

videolanvlc_media_playerRange≤3.0.7

Node

opensusebackports_sleMatch15.0-

opensusebackports_sleMatch15.0sp1

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

CPENameOperatorVersion
videolan:vlc_media_playervideolan vlc media playerle3.0.7

CPE	Name	Operator	Version
videolan:vlc_media_player	videolan vlc media player	le	3.0.7

References

git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509

lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html

www.securityfocus.com/bid/109306

seclists.org/bugtraq/2019/Aug/36

security.gentoo.org/glsa/201909-02

trac.videolan.org/vlc/ticket/22240

usn.ubuntu.com/4131-1/

www.debian.org/security/2019/dsa-4504

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2019-13962

debiancve1 kaspersky1 ubuntucve1 nvd1 openvas10 attackerkb1 veracode1 osv2 alpinelinux1 prion1 cvelist1 nessus8 suse6 threatpost1 ubuntu1 debian1 freebsd1 mageia1 gentoo1