Advisories ยป MGASA-2020-0272

Updated vlc packages fix security vulnerability

Publication date: 04 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-13428


Updated vlc packages fixes security vulnerability:

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in
modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11
allows remote attackers to cause a denial of service (application crash)
or execute arbitrary code via a crafted H.264 Annex-B video (.avi for
example) file (CVE-2020-13428).

The vlc package has been updated to version 3.0.11, fixing this issue and
other bugs.