CVE-2020-13428

7.8HIGH

Key Information:

Vendor
Videolan
Status
Vlc Media Player
Vendor
CVE Published:
8 June 2020

Summary

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

References

https://github.com/videolan/vlc/commits/master/modules/pa...
x_refsource_MISC
http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh...
x_refsource_MISC
https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.