FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc heap-based buffer overflow

Affected packages
vlc < 3.0.11,4

Details

VuXML ID: 77896891-b08a-11ea-937b-b42e99a1b9c3
Discovery: 2020-05-27
Entry: 2020-06-17

Thomas Guillem reports:

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

References

CVE Name: CVE-2020-13428
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-13428