Veracode Vulnerability DatabaseVERACODE:26835Arbitrary Code Execution
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
vlc is vulnerable to arbitrary code execution. The vulnerability exists through an integer underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vlc:bionic | eq | 3.0.1 | |
| vlc:bionic | eq | 3.0.1 |
References
lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html
lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html
lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html
www.securityfocus.com/bid/109158
git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938
seclists.org/bugtraq/2019/Aug/36
security.gentoo.org/glsa/201909-02
usn.ubuntu.com/4074-1/
www.debian.org/security/2019/dsa-4504
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P