CVE-2019-19721

Published: 15 May 2020

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
vlc Launchpad, Ubuntu, Debian	bionic	Needs triage
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable (3.0.9.2-1)
	groovy	Ignored (reached end-of-life)
	hirsute	Ignored (reached end-of-life)
	impish	Ignored (reached end-of-life)
	jammy	Needs triage
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721
http://hg.libsdl.org/SDL_image/
https://bugs.gentoo.org/721940
https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b
https://www.videolan.org/security/
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security

CVE-2019-19721

Low

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading