
CVE-2020-13428: Release VLC media player 3.0.11 'Vetinari' · videolan/vlc-3.0

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

CVE
#ios #android #mac #dos #buffer_overflow

This is the twelfth release of VLC 3.0 branch, named "Vetinari", in reference to the Lord Patrician from Discworld.

This update contains various fixes and improvements:

  • Fixes a regression with some encrypted HLS streams
  • Fixes HLS live stream playback regression
  • Fixes imprecise seeking in m4a files
  • Fixes resampling on Android
  • Fixes a potential crash on startup on macOS
  • Fixes a crash when listing Blu-ray mount points on macOS
  • Avoids unnecessary permission warnings on macOS
  • Fixes AAC playback regressions

Additionally, it fixes the security issue reported as CVE-2020-13428, and bumps libarchive to 3.4.2 as a result of CVE-2020-9308 & CVE-2019-19221.

Check our NEWS file for more details!

Related news

Ubuntu Security Notice USN-6180-1

Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

CVE-2019-19221: Bugfix and optimize archive_wstring_append_from_mbs() · libarchive/libarchive@22b1db9

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
