Heap-Based Buffer Overflow in VideoLAN VLC Media Player
CVE-2019-14970

7.8HIGH

Key Information:

Vendor

Videolan
Status
Vlc Media Player
Vendor
CVE Published:
29 August 2019

What is CVE-2019-14970?

A vulnerability exists in VideoLAN's VLC Media Player 3.0.7.1, where a crafted .mkv file can lead to a heap-based buffer overflow. This flaw allows remote attackers to execute arbitrary code, potentially compromising the affected system. Users are urged to update their VLC installations to mitigate the risk associated with this vulnerability. Several advisories from Debian, Ubuntu, Gentoo, and openSUSE have been published outlining the details and providing guidance for addressing this issue.

References

http://git.videolan.org/?p=vlc.git&a=search&h=refs/heads/...
x_refsource_CONFIRM
https://www.debian.org/security/2019/dsa-4504
vendor-advisoryx_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Aug/36
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-14970 : Heap-Based Buffer Overflow in VideoLAN VLC Media Player