CVE-2019-13962

Published: 18 July 2019

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
vlc Launchpad, Ubuntu, Debian	bionic	Released (3.0.8-0ubuntu18.04.1)
	disco	Released (3.0.8-0ubuntu19.04.1)
	eoan	Not vulnerable (3.0.8-2)
	focal	Not vulnerable (3.0.8-2)
	groovy	Not vulnerable (3.0.8-2)
	hirsute	Not vulnerable (3.0.8-2)
	impish	Not vulnerable (3.0.8-2)
	jammy	Not vulnerable (3.0.8-2)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (3.0.8)
	xenial	Ignored (end of standard support, was needed)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13962
https://ubuntu.com/security/notices/USN-4131-1
NVD
Launchpad
Debian

Bugs

https://trac.videolan.org/vlc/ticket/22240

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›