|
Line 60
Link Here
|
|
|
61 |
<vuln vid="77896891-b08a-11ea-937b-b42e99a1b9c3"> |
| 62 |
<topic>vlc heap-based buffer overflow</topic> |
| 63 |
<affects> |
| 64 |
<package> |
| 65 |
<name>vlc</name> |
| 66 |
<range><lt>3.0.11</lt></range> |
| 67 |
</package> |
| 68 |
</affects> |
| 69 |
<description> |
| 70 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 71 |
<p>Thomas Guillem reports:</p> |
| 72 |
<blockquote cite="http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0"> |
| 73 |
<p>A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 |
| 74 |
allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.</p> |
| 75 |
</blockquote> |
| 76 |
</body> |
| 77 |
</description> |
| 78 |
<references> |
| 79 |
<url>https://nvd.nist.gov/vuln/detail/CVE-2020-13428</url> |
| 80 |
<cvename>CVE-2020-13428</cvename> |
| 81 |
</references> |
| 82 |
<dates> |
| 83 |
<discovery>2020-05-27</discovery> |
| 84 |
<entry>2020-06-17</entry> |
| 85 |
</dates> |
| 86 |
</vuln> |
| 87 |
|