CVE-2019-13615 — Out-of-bounds Read in VLC Media Player

CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 45.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matroska Libebml Videolan VLC Media Player

Timeline

PublishedJul 16

Latest updateMay 24

Description

libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player binaries before 3.0.3, has a heap-based buffer over-read in EbmlElement::FindNextElement.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDvideolan/vlc_media_player< 3.0.3

▶Debianmatroska/libebml< 1.3.6-1+3

🔴Vulnerability Details

GHSA

GHSA-fmvc-w48w-5hrr: VideoLAN VLC media player 3↗2022-05-24

▶

CVEList

CVE-2019-13615: libebml before 1↗2019-07-16

▶

OSV

CVE-2019-13615: libebml before 1↗2019-07-16

▶

📋Vendor Advisories

Ubuntu

libEBML vulnerability↗2019-07-25

▶

Debian

CVE-2019-13615: libebml - libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media Player bin...↗2019

▶

💬Community

Bugzilla

CVE-2019-13615 libebml: could be made to crash if it opened a specially crafted file↗2019-07-31

▶

Bugzilla

CVE-2019-13615 libebml: could be made to crash if it opened a specially crafted file [epel-all]↗2019-07-31

▶