Описание
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.0.7.1-0ubuntu18.04.1 |
| cosmic | ignored | end of life |
| devel | not-affected | 3.0.7.1-3 |
| disco | not-affected | 3.0.6-1 |
| eoan | not-affected | 3.0.7.1-3 |
| esm-apps/bionic | released | 3.0.7.1-0ubuntu18.04.1 |
| esm-apps/focal | not-affected | 3.0.7.1-3 |
| esm-apps/jammy | not-affected | 3.0.7.1-3 |
| esm-apps/noble | not-affected | 3.0.7.1-3 |
| esm-apps/xenial | needed |
Показывать по
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3. ...
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
Уязвимость демультиплексера CAF медиа плеера VideoLAN VLC, связанная с доступом к неинициализированному указателю, позволяющая нарушителю вызвать отказ в обслуживании и/или получить доступ к конфиденциальным данным
6.4 Medium
CVSS2
9.1 Critical
CVSS3