CVE-2019-13962

Published: 18 July 2019

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

Priority

Low

CVSS 3 base score: 9.8

Status

Package: vlc (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (3.0.8)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (3.0.8-2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (3.0.8-2)
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.0.8-0ubuntu18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus): Needed
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509