FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- multiple vulnerabilities

Affected packages
vlc < 3.0.8,4

Details

VuXML ID 795442e7-c355-11e9-8224-5404a68ad561
Discovery 2019-07-14
Entry 2019-08-20

The VLC project reports:

Security: * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) * Fix a read buffer overflow in the FAAD decoder * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) * Fix a use after free in the ASF demuxer (CVE-2019-14533) * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) * Fix a null dereference in the dvdnav demuxer * Fix a null dereference in the ASF demuxer (CVE-2019-14534) * Fix a null dereference in the AVI demuxer * Fix a division by zero in the CAF demuxer (CVE-2019-14498) * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

References

CVE Name CVE-2019-13602
CVE Name CVE-2019-13962
CVE Name CVE-2019-14437
CVE Name CVE-2019-14438
CVE Name CVE-2019-14498
CVE Name CVE-2019-14533
CVE Name CVE-2019-14534
CVE Name CVE-2019-14535
CVE Name CVE-2019-14776
CVE Name CVE-2019-14777
CVE Name CVE-2019-14778
CVE Name CVE-2019-14970
URL https://www.videolan.org/developers/vlc-branch/NEWS