CVE-2019-13962

CRITICAL

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 7/18/2019Modified: 11/21/2024

Related Intelligence (1)

CRITICALSupply Chain

ABB Ability Camera Connect

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-146-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 and below. An update is available

CVE-2024-46461CVE-2023-47360
CISA Advisories

References (26)

http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.htmlMailing ListThird Party Advisoryhttp://www.securityfocus.com/bid/109306Broken Linkhttps://seclists.org/bugtraq/2019/Aug/36Mailing ListThird Party Advisoryhttps://security.gentoo.org/glsa/201909-02Third Party Advisoryhttps://trac.videolan.org/vlc/ticket/22240ExploitVendor Advisoryhttps://usn.ubuntu.com/4131-1/Third Party Advisoryhttps://www.debian.org/security/2019/dsa-4504Third Party Advisoryhttp://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.htmlMailing ListThird Party Advisoryhttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.htmlMailing ListThird Party Advisoryhttp://www.securityfocus.com/bid/109306Broken Linkhttps://seclists.org/bugtraq/2019/Aug/36Mailing ListThird Party Advisoryhttps://security.gentoo.org/glsa/201909-02Third Party Advisoryhttps://trac.videolan.org/vlc/ticket/22240ExploitVendor Advisoryhttps://usn.ubuntu.com/4131-1/Third Party Advisoryhttps://www.debian.org/security/2019/dsa-4504Third Party Advisory