Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:27112
HistorySep 21, 2020 - 6:36 a.m.

Information Disclosure

2020-09-2106:36:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
vlc media player
caf demuxer
information disclosure
memory leak
denial of service
infoleak
security vulnerability
bionic

EPSS

0.529

Percentile

97.6%

vlc:bionic is vulnerable to information disclosure. The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.