Your submission was sent successfully! Close

CVE-2019-13962

Published: 18 July 2019

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
vlc
Launchpad, Ubuntu, Debian
bionic
Released (3.0.8-0ubuntu18.04.1)
disco
Released (3.0.8-0ubuntu19.04.1)
eoan Not vulnerable
(3.0.8-2)
focal Not vulnerable
(3.0.8-2)
groovy Not vulnerable
(3.0.8-2)
hirsute Not vulnerable
(3.0.8-2)
impish Not vulnerable
(3.0.8-2)
jammy Not vulnerable
(3.0.8-2)
precise Does not exist

trusty Does not exist

upstream
Released (3.0.8)
xenial Ignored
(end of standard support, was needed)