CVE-2019-13962
published 2019-07-18CVE-2019-13962: lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | vlc | < vlc 3.0.8-1 (bookworm) | vlc 3.0.8-1 (bookworm) |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| videolan | vlc_media_player | <= 3.0.7 | — |
| videolan | vlc_media_player | >= 0 < 3.0.8-1 | 3.0.8-1 |
| videolan | vlc_media_player | >= 0 < 3.0.8-1 | 3.0.8-1 |
| videolan | vlc_media_player | >= 0 < 3.0.8-1 | 3.0.8-1 |
| videolan | vlc_media_player | >= 0 < 3.0.8-1 | 3.0.8-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL