CVE-2019-13602

Priority
Description
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in
VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause
a denial of service (heap-based buffer overflow and crash) or possibly have
unspecified other impact via a crafted .mp4 file.
Package
Source: vlc (LP Ubuntu Debian)
Upstream:released (3.0.7.1-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):released (3.0.7.1-0ubuntu18.04.1)
Ubuntu 19.04 (Disco Dingo):released (3.0.7.1-0ubuntu19.04.1)
Ubuntu 19.10 (Eoan):not-affected (3.0.7.1-3)
Patches:
Upstream:https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
Upstream:https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938
More Information

Updated: 2019-07-25 15:14:32 UTC (commit 0c38e75b8d43dd7ad92f324bd0f8d6f41db1b4f0)