ALT-PU-2018-2982-1
Closed vulnerabilities
Published: 2018-12-06
BDU:2019-01262
Vulnerability in the CAF demuxer of the VideoLAN VLC media player, related to access to an uninitialized pointer, allowing an attacker to cause a denial of service and/or gain access to confidential data
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
Published: 2018-12-05
Modified: 2024-11-21
CVE-2018-19857
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
Severity: CRITICAL (9.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References:
- openSUSE-SU-2019:1840
- openSUSE-SU-2019:1897
- openSUSE-SU-2019:1909
- openSUSE-SU-2019:2015
- 106130
- https://dyntopia.com/advisories/013-vlc
- https://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0
- USN-4074-1
- DSA-4366