Advisories » MGASA-2020-0272

Updated vlc packages fix security vulnerability

Publication date: 04 Jul 2020
Modification date: 04 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13428

Description

Updated vlc packages fixes security vulnerability:

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in
modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11
allows remote attackers to cause a denial of service (application crash)
or execute arbitrary code via a crafted H.264 Annex-B video (.avi for
example) file (CVE-2020-13428).

The vlc package has been updated to version 3.0.11, fixing this issue and
other bugs.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26809
• https://git.videolan.org/?p=vlc/vlc-3.0.git;a=blob;f=NEWS;h=5a61ba26cec611bbc045fb235d40eba9e0a88ccf;hb=dc0c5ced7230e5660142302c7c1aef6cc14f3564
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13428

SRPMS

7/core

• vlc-3.0.11-1.mga7