Описание
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
Ссылки
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player through 3.2.8 for iOS, and through 3.0.10 for macOS, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
Уязвимость функции hxxx_AnnexB_to_xVC() программы-медиапроигрывателя Videolan VLC, позволяющая нарушителю выполнить произвольный код
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2