Headline
CVE-2020-13428: Release VLC media player 3.0.11 'Vetinari' · videolan/vlc-3.0
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
This is the twelfth release of the VLC 3.0 branch, named "Vetinari", in reference to the Lord Patrician from Discworld.
This update contains various fixes and improvements:
- Fixes a regression with some encrypted HLS streams
- Fixes HLS live stream playback regression
- Fixes imprecise seeking in m4a files
- Fixes resampling on Android
- Fixes a potential crash on startup on macOS
- Fixes a crash when listing blurays mount points on macOS
- Avoids unnecessary permission warnings on macOS
- Fixes AAC playback regressions
Additionally, it fixes the security issue reported as CVE-2020-13428, and bumps libarchive to 3.4.2 as a result of CVE-2020-9308 & CVE-2019-19221.
Check our NEWS file for more details!
2020-06-04T14:42:26Z
Related news
Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.