CVE-2020-13428

Published: 8 June 2020

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: vlc (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| bionic | Needed |
| eoan | Ignored (reached end-of-life) |
| focal | Needed |
| groovy | Not vulnerable (3.0.11-1) |
| hirsute | Not vulnerable (3.0.11-1) |
| impish | Not vulnerable (3.0.11-1) |
| jammy | Not vulnerable (3.0.11-1) |
| precise | Does not exist |
| trusty | Does not exist |
| upstream | Needs triage |
| xenial | Ignored (end of standard support, was needed) |