Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Mageia: 2020-0272 Moderate: VLC Buffer Overflow Affects Mageia 7

mageia
Calendar Grey July 4, 2020
Dist Mageia Esm H88
Revised VLC versions tackle heap overflow issues, resolving significant security vulnerability in Mageia's distribution.
Updated vlc packages fixes security vulnerability: A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player be...

Summary

Updated vlc packages fixes security vulnerability:
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file (CVE-2020-13428).
The vlc package has been updated to version 3.0.11, fixing this issue and other bugs.

References

- https://bugs.mageia.org/show_bug.cgi?id=26809

- ;a=blob;f=NEWS;h=5a61ba26cec611bbc045fb235d40eba9e0a88ccf;hb=dc0c5ced7230e5660142302c7c1aef6cc14f3564

- https://www.cve.org/CVERecord?id=CVE-2020-13428

Topics%20covered

Topics Covered

security advisory denial of service heap overflow Mageia VLC media player

Resolution

SRPMS

- 7/core/vlc-3.0.11-1.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 04 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0272.html
Type: security
CVE: CVE-2020-13428

Topics%20covered

Topics Covered

security advisory denial of service heap overflow Mageia VLC media player

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here