CVE-2020-13428
Summary
| CVE | CVE-2020-13428 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-08 19:15:00 UTC |
| Updated | 2023-11-07 03:16:00 UTC |
| Description | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| History for modules/packetizer/hxxx_nal.c - videolan/vlc · GitHub | MISC | github.com | Patch, Third Party Advisory |
| git.videolan.org Git - vlc/vlc-3.0.git/commit | MISC | git.videolan.org | Patch, Third Party Advisory |
| VideoLAN Security Bulletin VLC 3.0.11 - VideoLAN | CONFIRM | www.videolan.org | |
| Release VLC media player 3.0.11 'Vetinari' · videolan/vlc-3.0 · GitHub | CONFIRM | github.com | Release Notes, Third Party Advisory |
| Debian -- Security Information -- DSA-4704-1 vlc | DEBIAN | www.debian.org | |
| git.videolan.org Git - vlc/vlc-3.0.git/commit | | git.videolan.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199556 Ubuntu Security Notification for VLC media player Vulnerabilities (USN-6180-1)
- 501267 Alpine Linux Security Update for vlc
- 750419 OpenSUSE Security Update for vlc (openSUSE-SU-2021:0091-1)
- 750425 OpenSUSE Security Update for vlc (openSUSE-SU-2021:0076-1)