A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
debian_linux | eq | 10.0 | |
vlc_media_player | lt | 3.0.11 | |
vlc_media_player | lt | 3.0.11 |