FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
77896891-b08a-11ea-937b-b42e99a1b9c3vlc heap-based buffer overflow

Thomas Guillem reports:

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.


Discovery 2020-05-27
Entry 2020-06-17
vlc
< 3.0.11,4

https://nvd.nist.gov/vuln/detail/CVE-2020-13428
CVE-2020-13428
4a10902f-8a48-11ea-8668-e0d55e2a8bf9vlc -- Multiple vulnerabilities fixed in VLC media player

VideoLAN reports:

Details

A remote user could:

  • Create a specifically crafted image file that could trigger an out of bounds read
  • Send a specifically crafter request to the microdns service discovery, potentially triggering various memory management issues

Impact

If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

While these issues in themselves are most likely to just crash the player, we can't exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.

We have not seen exploits performing code execution through these vulnerabilities

CVE-2019-19721 affects VLC 3.0.8 and earlier, and only reads 1 byte out of bound


Discovery 2020-04-01
Entry 2020-04-29
vlc
< 3.0.10,4

https://www.videolan.org/security/sb-vlc309.html
f2144530-936f-11e9-8fc4-5404a68ad561vlc -- Buffer overflow vulnerability

zhangyang reports:

The ReadFrame function in the avi.c file uses a variable i_width_bytes, which is obtained directly from the file. It is a signed integer. It does not do a strict check before the memory operation(memmove, memcpy), which may cause a buffer overflow.


Discovery 2019-01-23
Entry 2019-06-20
vlc
< 3.0.7,4

CVE-2019-5439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439
https://hackerone.com/reports/484398
5b218581-9372-11e9-8fc4-5404a68ad561vlc -- Double free in Matroska demuxer

The VLC project reports:

mkv: Fix potential double free


Discovery 2019-05-20
Entry 2019-06-20
vlc
< 3.0.7.1,4

CVE-2019-12874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874
http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
795442e7-c355-11e9-8224-5404a68ad561vlc -- multiple vulnerabilities

The VLC project reports:

Security: * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) * Fix a read buffer overflow in the FAAD decoder * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) * Fix a use after free in the ASF demuxer (CVE-2019-14533) * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) * Fix a null dereference in the dvdnav demuxer * Fix a null dereference in the ASF demuxer (CVE-2019-14534) * Fix a null dereference in the AVI demuxer * Fix a division by zero in the CAF demuxer (CVE-2019-14498) * Fix a division by zero in the ASF demuxer (CVE-2019-14535)


Discovery 2019-07-14
Entry 2019-08-20
vlc
< 3.0.8,4

https://www.videolan.org/developers/vlc-branch/NEWS
CVE-2019-13602
CVE-2019-13962
CVE-2019-14437
CVE-2019-14438
CVE-2019-14498
CVE-2019-14533
CVE-2019-14534
CVE-2019-14535
CVE-2019-14776
CVE-2019-14777
CVE-2019-14778
CVE-2019-14970