SB2020042385 - OpenSUSE Linux update for vlc




Published: April 23, 2020

Security Bulletin ID: SB2020042385
Severity: Medium
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 17%, Low: 83%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Integer underflow (CVE-ID: CVE-2019-13602)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to a boundary error in the "MP4_EIA608_Convert()" function in the "modules/demux/mp4/mp4.c" file. A remote attacker can trick the victim into opening a specially crafted .mp4 file, trigger an integer underflow and crash the affected application.



2) Out-of-bounds read (CVE-ID: CVE-2019-13962)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read because the application does not properly validate the width and height properties in the lavc_CopyPicture function in modules/codec/avcodec/video.c. A remote attacker can perform a denial of service attack.


3) Use-after-free (CVE-ID: CVE-2019-14437)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.


4) Out-of-bounds read (CVE-ID: CVE-2019-14438)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 can be triggered by remote attackers via a crafted .ogg file.


5) Division by zero (CVE-ID: CVE-2019-14498)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.


6) Use-after-free (CVE-ID: CVE-2019-14533)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.


7) NULL pointer dereference (CVE-ID: CVE-2019-14534)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the SeekPercent() function in demux/asf/asf.c. A remote attacker can use a specially crafted media file to perform a denial of service (DoS) attack.


8) Division by zero (CVE-ID: CVE-2019-14535)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.


9) Out-of-bounds read (CVE-ID: CVE-2019-14776)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file. A remote attacker can pass specially crafted data to the application, trigger an out-of-bounds read error and read contents of memory on the system.


10) Use-after-free (CVE-ID: CVE-2019-14777)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.


11) Use-after-free (CVE-ID: CVE-2019-14778)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.


12) Heap-based buffer overflow (CVE-ID: CVE-2019-14970)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1. A remote attacker can use a crafted .mkv file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.