PublicDateAtUSN: 2019-06-13
Candidate: CVE-2019-5439
PublicDate: 2019-06-13 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439
 https://hackerone.com/reports/484398
 http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
 https://ubuntu.com/security/notices/USN-4074-1
Description:
 A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can
 possibly be further developed into a remote code execution exploit.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930276
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_vlc:
upstream_vlc: released (3.0.7-1)
precise/esm_vlc: DNE
trusty_vlc: ignored (out of standard support)
trusty/esm_vlc: DNE
xenial_vlc: ignored (end of standard support, was needed)
bionic_vlc: released (3.0.7.1-0ubuntu18.04.1)
cosmic_vlc: ignored (reached end-of-life)
disco_vlc: released (3.0.7.1-0ubuntu19.04.1)
eoan_vlc: not-affected (3.0.7-1)
focal_vlc: not-affected (3.0.7-1)
groovy_vlc: not-affected (3.0.7-1)
hirsute_vlc: not-affected (3.0.7-1)
impish_vlc: not-affected (3.0.7-1)
jammy_vlc: not-affected (3.0.7-1)
devel_vlc: not-affected (3.0.7-1)