CVE-2019-19721Off-by-one Error in VLC Media Player

CWE-193Off-by-one ErrorCWE-787Out-of-bounds Write7 documents6 sources
Severity
7.8HIGHNVD
EPSS
1.3%
top 20.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Videolan VLC Media Player
Timeline
PublishedMay 15
Latest updateJun 20

Description

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debianvideolan/vlc_media_player< 3.0.9.2-1+3
Ubuntuvideolan/vlc_media_player< 2.2.2-5ubuntu0.16.04.5+esm2+3

Patches

Patch: bugs.gentoo.orgPatch: bugs.gentoo.org

🔴Vulnerability Details

4
OSV
vlc vulnerabilities2023-06-20
GHSA
GHSA-2wrf-hf7j-cx32: An off-by-one error in the DecodeBlock function in codec/sdl_image2022-05-24
OSV
CVE-2019-19721: An off-by-one error in the DecodeBlock function in codec/sdl_image2020-05-15
CVEList
CVE-2019-19721: An off-by-one error in the DecodeBlock function in codec/sdl_image2020-05-15

📋Vendor Advisories

2
Ubuntu
VLC media player vulnerabilities2023-06-20
Debian
CVE-2019-19721: vlc - An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN...2019
CVE-2019-19721 — Off-by-one Error in VLC Media Player | cvebase