Description
Security update for vlc
This update for vlc fixes the following issues:
Update to 3.0.11.1:
- CVE-2020-13428: Fixed heap-based buffer overflow in hxxx_AnnexB_to_xVC() (boo#1172727)
- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher::send() (boo#1180755)
Package list
openSUSE Leap 15.2
libvlc5-3.0.11.1-lp152.2.9.1
libvlccore9-3.0.11.1-lp152.2.9.1
vlc-3.0.11.1-lp152.2.9.1
vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1
vlc-devel-3.0.11.1-lp152.2.9.1
vlc-jack-3.0.11.1-lp152.2.9.1
vlc-lang-3.0.11.1-lp152.2.9.1
vlc-noX-3.0.11.1-lp152.2.9.1
vlc-opencv-3.0.11.1-lp152.2.9.1
vlc-qt-3.0.11.1-lp152.2.9.1
vlc-vdpau-3.0.11.1-lp152.2.9.1
References
- E-Mail link for openSUSE-SU-2021:0091-1
- SUSE Security Ratings
- SUSE Bug 1133290
- SUSE Bug 1172727
- SUSE Bug 1180755
- SUSE CVE CVE-2020-13428 page
- SUSE CVE CVE-2020-26664 page
Description
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
Affected products
openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1
openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1
openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1
openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1
References
- CVE-2020-13428
- SUSE Bug 1172727
Description
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Affected products
openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1
openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1
openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1
openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1
References
- CVE-2020-26664
- SUSE Bug 1180755