Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-13428
Vulnerability from cvelistv5
Published
2020-06-08 18:13
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:18:18.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { name: "DSA-4704", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4704", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.videolan.org/security/sb-vlc3011.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-19T15:04:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { tags: [ "x_refsource_MISC", ], url: "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { name: "DSA-4704", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4704", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.videolan.org/security/sb-vlc3011.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13428", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", refsource: "MISC", url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { name: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", refsource: "MISC", url: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { name: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", refsource: "CONFIRM", url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { name: "DSA-4704", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4704", }, { name: "https://www.videolan.org/security/sb-vlc3011.html", refsource: "CONFIRM", url: "https://www.videolan.org/security/sb-vlc3011.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13428", datePublished: "2020-06-08T18:13:04", dateReserved: "2020-05-23T00:00:00", dateUpdated: "2024-08-04T12:18:18.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2020-13428\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-08T19:15:10.580\",\"lastModified\":\"2024-11-21T05:01:14.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del búfer en la región heap de la memoria en la función hxxx_AnnexB_to_xVC en el archivo modules/packetizer/hxxx_nal.c en el reproductor multimedia VideoLAN VLC en versines anteriores a la 3.0.11 para macOS/iOS permite a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) o ejecutar un código arbitrario a través de un archivo de vídeo H.264 Anexo-B elaborado (.avi por ejemplo)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:iphone_os:*:*\",\"versionEndExcluding\":\"3.0.11\",\"matchCriteriaId\":\"02E30712-5A58-4DA5-95B5-6336DA1754F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"3.0.11\",\"matchCriteriaId\":\"472504D8-7E66-4B5E-B5FA-DCFC5D2D33FA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/videolan/vlc-3.0/releases/tag/3.0.11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4704\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.videolan.org/security/sb-vlc3011.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/videolan/vlc-3.0/releases/tag/3.0.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.videolan.org/security/sb-vlc3011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
ghsa-2cf7-9933-4jgc
Vulnerability from github
Published
2022-05-24 17:19
Modified
2023-03-03 03:30
Severity ?
Details
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player through 3.2.8 for iOS, and through 3.0.10 for macOS, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
{ affected: [], aliases: [ "CVE-2020-13428", ], database_specific: { cwe_ids: [ "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2020-06-08T19:15:00Z", severity: "MODERATE", }, details: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player through 3.2.8 for iOS, and through 3.0.10 for macOS, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", id: "GHSA-2cf7-9933-4jgc", modified: "2023-03-03T03:30:23Z", published: "2022-05-24T17:19:33Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13428", }, { type: "WEB", url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { type: "WEB", url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { type: "WEB", url: "https://www.debian.org/security/2020/dsa-4704", }, { type: "WEB", url: "https://www.videolan.org/security/sb-vlc3011.html", }, { type: "WEB", url: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
opensuse-su-2021:0076-1
Vulnerability from csaf_opensuse
Published
2021-01-16 10:06
Modified
2021-01-16 10:06
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
Update to 3.0.11.1:
- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)
- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)
Patchnames
openSUSE-2021-76
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for vlc", title: "Title of the patch", }, { category: "description", text: "This update for vlc fixes the following issues:\n\nUpdate to 3.0.11.1:\n \n- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)\n- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-76", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0076-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:0076-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OD6C4CTIQTZF237437FPGD5AIRV33TET/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:0076-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OD6C4CTIQTZF237437FPGD5AIRV33TET/", }, { category: "self", summary: "SUSE Bug 1133290", url: "https://bugzilla.suse.com/1133290", }, { category: "self", summary: "SUSE Bug 1172727", url: "https://bugzilla.suse.com/1172727", }, { category: "self", summary: "SUSE Bug 1180755", url: "https://bugzilla.suse.com/1180755", }, { category: "self", summary: "SUSE CVE CVE-2020-13428 page", url: "https://www.suse.com/security/cve/CVE-2020-13428/", }, { category: "self", summary: "SUSE CVE CVE-2020-26664 page", url: "https://www.suse.com/security/cve/CVE-2020-26664/", }, ], title: "Security update for vlc", tracking: { current_release_date: "2021-01-16T10:06:30Z", generator: { date: "2021-01-16T10:06:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:0076-1", initial_release_date: "2021-01-16T10:06:30Z", revision_history: [ { date: "2021-01-16T10:06:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "vlc-lang-3.0.11.1-lp151.6.12.1.noarch", product: { name: "vlc-lang-3.0.11.1-lp151.6.12.1.noarch", product_id: "vlc-lang-3.0.11.1-lp151.6.12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "libvlc5-3.0.11.1-lp151.6.12.1.x86_64", product_id: "libvlc5-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", product_id: "libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", product: { name: "vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", product_id: "vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.1", product: { name: "openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "libvlc5-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.11.1-lp151.6.12.1.noarch as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", }, product_reference: "vlc-lang-3.0.11.1-lp151.6.12.1.noarch", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64 as component of openSUSE Leap 15.1", product_id: "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", }, product_reference: "vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13428", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13428", }, ], notes: [ { category: "general", text: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13428", url: "https://www.suse.com/security/cve/CVE-2020-13428", }, { category: "external", summary: "SUSE Bug 1172727 for CVE-2020-13428", url: "https://bugzilla.suse.com/1172727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-16T10:06:30Z", details: "important", }, ], title: "CVE-2020-13428", }, { cve: "CVE-2020-26664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26664", }, ], notes: [ { category: "general", text: "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26664", url: "https://www.suse.com/security/cve/CVE-2020-26664", }, { category: "external", summary: "SUSE Bug 1180755 for CVE-2020-26664", url: "https://bugzilla.suse.com/1180755", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-devel-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-jack-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-lang-3.0.11.1-lp151.6.12.1.noarch", "openSUSE Leap 15.1:vlc-noX-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-opencv-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-qt-3.0.11.1-lp151.6.12.1.x86_64", "openSUSE Leap 15.1:vlc-vdpau-3.0.11.1-lp151.6.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-16T10:06:30Z", details: "important", }, ], title: "CVE-2020-26664", }, ], }
opensuse-su-2021:0091-1
Vulnerability from csaf_opensuse
Published
2021-01-16 18:54
Modified
2021-01-16 18:54
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
Update to 3.0.11.1:
- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)
- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)
Patchnames
openSUSE-2021-91
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for vlc", title: "Title of the patch", }, { category: "description", text: "This update for vlc fixes the following issues:\n\nUpdate to 3.0.11.1:\n \n- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)\n- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-91", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0091-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:0091-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KIZQCEFFNAB3CPF433JKRUT3ZM2EDM33/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:0091-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KIZQCEFFNAB3CPF433JKRUT3ZM2EDM33/", }, { category: "self", summary: "SUSE Bug 1133290", url: "https://bugzilla.suse.com/1133290", }, { category: "self", summary: "SUSE Bug 1172727", url: "https://bugzilla.suse.com/1172727", }, { category: "self", summary: "SUSE Bug 1180755", url: "https://bugzilla.suse.com/1180755", }, { category: "self", summary: "SUSE CVE CVE-2020-13428 page", url: "https://www.suse.com/security/cve/CVE-2020-13428/", }, { category: "self", summary: "SUSE CVE CVE-2020-26664 page", url: "https://www.suse.com/security/cve/CVE-2020-26664/", }, ], title: "Security update for vlc", tracking: { current_release_date: "2021-01-16T18:54:28Z", generator: { date: "2021-01-16T18:54:28Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:0091-1", initial_release_date: "2021-01-16T18:54:28Z", revision_history: [ { date: "2021-01-16T18:54:28Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "vlc-lang-3.0.11.1-lp152.2.9.1.noarch", product: { name: "vlc-lang-3.0.11.1-lp152.2.9.1.noarch", product_id: "vlc-lang-3.0.11.1-lp152.2.9.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "libvlc5-3.0.11.1-lp152.2.9.1.x86_64", product_id: "libvlc5-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", product_id: "libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", product: { name: "vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", product_id: "vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.2", product: { name: "openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "libvlc5-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.11.1-lp152.2.9.1.noarch as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", }, product_reference: "vlc-lang-3.0.11.1-lp152.2.9.1.noarch", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64 as component of openSUSE Leap 15.2", product_id: "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", }, product_reference: "vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13428", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13428", }, ], notes: [ { category: "general", text: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13428", url: "https://www.suse.com/security/cve/CVE-2020-13428", }, { category: "external", summary: "SUSE Bug 1172727 for CVE-2020-13428", url: "https://bugzilla.suse.com/1172727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-16T18:54:28Z", details: "important", }, ], title: "CVE-2020-13428", }, { cve: "CVE-2020-26664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26664", }, ], notes: [ { category: "general", text: "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26664", url: "https://www.suse.com/security/cve/CVE-2020-26664", }, { category: "external", summary: "SUSE Bug 1180755 for CVE-2020-26664", url: "https://bugzilla.suse.com/1180755", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Leap 15.2:libvlc5-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:libvlccore9-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-codec-gstreamer-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-devel-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-jack-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-lang-3.0.11.1-lp152.2.9.1.noarch", "openSUSE Leap 15.2:vlc-noX-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-opencv-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-qt-3.0.11.1-lp152.2.9.1.x86_64", "openSUSE Leap 15.2:vlc-vdpau-3.0.11.1-lp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-16T18:54:28Z", details: "important", }, ], title: "CVE-2020-26664", }, ], }
opensuse-su-2021:0122-1
Vulnerability from csaf_opensuse
Published
2021-01-19 23:23
Modified
2021-01-19 23:23
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
Update to 3.0.11.1:
- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)
- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patchnames
openSUSE-2021-122
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for vlc", title: "Title of the patch", }, { category: "description", text: "This update for vlc fixes the following issues:\n\nUpdate to 3.0.11.1:\n \n- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)\n- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)\n\nThis update was imported from the openSUSE:Leap:15.2:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-122", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0122-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:0122-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YJCT5WYFJXXNRF5NSC7LOIHN7BD5UKVV/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:0122-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YJCT5WYFJXXNRF5NSC7LOIHN7BD5UKVV/", }, { category: "self", summary: "SUSE Bug 1133290", url: "https://bugzilla.suse.com/1133290", }, { category: "self", summary: "SUSE Bug 1172727", url: "https://bugzilla.suse.com/1172727", }, { category: "self", summary: "SUSE Bug 1180755", url: "https://bugzilla.suse.com/1180755", }, { category: "self", summary: "SUSE CVE CVE-2020-13428 page", url: "https://www.suse.com/security/cve/CVE-2020-13428/", }, { category: "self", summary: "SUSE CVE CVE-2020-26664 page", url: "https://www.suse.com/security/cve/CVE-2020-26664/", }, ], title: "Security update for vlc", tracking: { current_release_date: "2021-01-19T23:23:58Z", generator: { date: "2021-01-19T23:23:58Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:0122-1", initial_release_date: "2021-01-19T23:23:58Z", revision_history: [ { date: "2021-01-19T23:23:58Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "libvlc5-3.0.11.1-bp152.2.9.1.aarch64", product_id: "libvlc5-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", product_id: "libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", product: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", product_id: "vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "vlc-lang-3.0.11.1-bp152.2.9.1.noarch", product: { name: "vlc-lang-3.0.11.1-bp152.2.9.1.noarch", product_id: "vlc-lang-3.0.11.1-bp152.2.9.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", product: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", product_id: "vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-bp152.2.9.1.s390x", product: { name: "libvlc5-3.0.11.1-bp152.2.9.1.s390x", product_id: "libvlc5-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-bp152.2.9.1.s390x", product: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.s390x", product_id: "libvlccore9-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-devel-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-jack-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-noX-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-qt-3.0.11.1-bp152.2.9.1.s390x", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", product: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", product_id: "vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "libvlc5-3.0.11.1-bp152.2.9.1.x86_64", product_id: "libvlc5-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", product_id: "libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", product: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", product_id: "vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP2", product: { name: "SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "libvlc5-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "libvlc5-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "libvlc5-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "libvlccore9-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-devel-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-jack-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.11.1-bp152.2.9.1.noarch as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", }, product_reference: "vlc-lang-3.0.11.1-bp152.2.9.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-noX-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-qt-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", }, product_reference: "vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", }, product_reference: "vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", }, product_reference: "vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64 as component of SUSE Package Hub 15 SP2", product_id: "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", }, product_reference: "vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13428", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13428", }, ], notes: [ { category: "general", text: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13428", url: "https://www.suse.com/security/cve/CVE-2020-13428", }, { category: "external", summary: "SUSE Bug 1172727 for CVE-2020-13428", url: "https://bugzilla.suse.com/1172727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-19T23:23:58Z", details: "important", }, ], title: "CVE-2020-13428", }, { cve: "CVE-2020-26664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26664", }, ], notes: [ { category: "general", text: "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26664", url: "https://www.suse.com/security/cve/CVE-2020-26664", }, { category: "external", summary: "SUSE Bug 1180755 for CVE-2020-26664", url: "https://bugzilla.suse.com/1180755", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlc5-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:libvlccore9-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-devel-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-jack-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-lang-3.0.11.1-bp152.2.9.1.noarch", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-noX-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-opencv-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-qt-3.0.11.1-bp152.2.9.1.x86_64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.aarch64", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.ppc64le", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.s390x", "SUSE Package Hub 15 SP2:vlc-vdpau-3.0.11.1-bp152.2.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-19T23:23:58Z", details: "important", }, ], title: "CVE-2020-26664", }, ], }
opensuse-su-2024:11502-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libvlc5-3.0.16-1.5 on GA media
Notes
Title of the patch
libvlc5-3.0.16-1.5 on GA media
Description of the patch
These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11502
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libvlc5-3.0.16-1.5 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libvlc5-3.0.16-1.5 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11502", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11502-1.json", }, { category: "self", summary: "SUSE CVE CVE-2017-10699 page", url: "https://www.suse.com/security/cve/CVE-2017-10699/", }, { category: "self", summary: "SUSE CVE CVE-2017-9300 page", url: "https://www.suse.com/security/cve/CVE-2017-9300/", }, { category: "self", summary: "SUSE CVE CVE-2018-19857 page", url: "https://www.suse.com/security/cve/CVE-2018-19857/", }, { category: "self", summary: "SUSE CVE CVE-2019-13602 page", url: "https://www.suse.com/security/cve/CVE-2019-13602/", }, { category: "self", summary: "SUSE CVE CVE-2019-13962 page", url: "https://www.suse.com/security/cve/CVE-2019-13962/", }, { category: "self", summary: "SUSE CVE CVE-2019-14437 page", url: "https://www.suse.com/security/cve/CVE-2019-14437/", }, { category: "self", summary: "SUSE CVE CVE-2019-14498 page", url: "https://www.suse.com/security/cve/CVE-2019-14498/", }, { category: "self", summary: "SUSE CVE CVE-2019-14533 page", url: "https://www.suse.com/security/cve/CVE-2019-14533/", }, { category: "self", summary: "SUSE CVE CVE-2019-14534 page", url: "https://www.suse.com/security/cve/CVE-2019-14534/", }, { category: "self", summary: "SUSE CVE CVE-2019-14535 page", url: "https://www.suse.com/security/cve/CVE-2019-14535/", }, { category: "self", summary: "SUSE CVE CVE-2019-14776 page", url: "https://www.suse.com/security/cve/CVE-2019-14776/", }, { category: "self", summary: "SUSE CVE CVE-2019-14777 page", url: "https://www.suse.com/security/cve/CVE-2019-14777/", }, { category: "self", summary: "SUSE CVE CVE-2019-14970 page", url: "https://www.suse.com/security/cve/CVE-2019-14970/", }, { category: "self", summary: "SUSE CVE CVE-2019-5439 page", url: "https://www.suse.com/security/cve/CVE-2019-5439/", }, { category: "self", summary: "SUSE CVE CVE-2019-5460 page", url: "https://www.suse.com/security/cve/CVE-2019-5460/", }, { category: "self", summary: "SUSE CVE CVE-2020-13428 page", url: "https://www.suse.com/security/cve/CVE-2020-13428/", }, { category: "self", summary: "SUSE CVE CVE-2020-26664 page", url: "https://www.suse.com/security/cve/CVE-2020-26664/", }, ], title: "libvlc5-3.0.16-1.5 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11502-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libvlc5-3.0.16-1.5.aarch64", product: { name: "libvlc5-3.0.16-1.5.aarch64", product_id: "libvlc5-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "libvlccore9-3.0.16-1.5.aarch64", product: { name: "libvlccore9-3.0.16-1.5.aarch64", product_id: "libvlccore9-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-3.0.16-1.5.aarch64", product: { name: "vlc-3.0.16-1.5.aarch64", product_id: "vlc-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.16-1.5.aarch64", product: { name: "vlc-codec-gstreamer-3.0.16-1.5.aarch64", product_id: "vlc-codec-gstreamer-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-devel-3.0.16-1.5.aarch64", product: { name: "vlc-devel-3.0.16-1.5.aarch64", product_id: "vlc-devel-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-jack-3.0.16-1.5.aarch64", product: { name: "vlc-jack-3.0.16-1.5.aarch64", product_id: "vlc-jack-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-lang-3.0.16-1.5.aarch64", product: { name: "vlc-lang-3.0.16-1.5.aarch64", product_id: "vlc-lang-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-noX-3.0.16-1.5.aarch64", product: { name: "vlc-noX-3.0.16-1.5.aarch64", product_id: "vlc-noX-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-opencv-3.0.16-1.5.aarch64", product: { name: "vlc-opencv-3.0.16-1.5.aarch64", product_id: "vlc-opencv-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-qt-3.0.16-1.5.aarch64", product: { name: "vlc-qt-3.0.16-1.5.aarch64", product_id: "vlc-qt-3.0.16-1.5.aarch64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.16-1.5.aarch64", product: { name: "vlc-vdpau-3.0.16-1.5.aarch64", product_id: "vlc-vdpau-3.0.16-1.5.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.16-1.5.ppc64le", product: { name: "libvlc5-3.0.16-1.5.ppc64le", product_id: "libvlc5-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "libvlccore9-3.0.16-1.5.ppc64le", product: { name: "libvlccore9-3.0.16-1.5.ppc64le", product_id: "libvlccore9-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-3.0.16-1.5.ppc64le", product: { name: "vlc-3.0.16-1.5.ppc64le", product_id: "vlc-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.16-1.5.ppc64le", product: { name: "vlc-codec-gstreamer-3.0.16-1.5.ppc64le", product_id: "vlc-codec-gstreamer-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-devel-3.0.16-1.5.ppc64le", product: { name: "vlc-devel-3.0.16-1.5.ppc64le", product_id: "vlc-devel-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-jack-3.0.16-1.5.ppc64le", product: { name: "vlc-jack-3.0.16-1.5.ppc64le", product_id: "vlc-jack-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-lang-3.0.16-1.5.ppc64le", product: { name: "vlc-lang-3.0.16-1.5.ppc64le", product_id: "vlc-lang-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-noX-3.0.16-1.5.ppc64le", product: { name: "vlc-noX-3.0.16-1.5.ppc64le", product_id: "vlc-noX-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-opencv-3.0.16-1.5.ppc64le", product: { name: "vlc-opencv-3.0.16-1.5.ppc64le", product_id: "vlc-opencv-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-qt-3.0.16-1.5.ppc64le", product: { name: "vlc-qt-3.0.16-1.5.ppc64le", product_id: "vlc-qt-3.0.16-1.5.ppc64le", }, }, { category: "product_version", name: "vlc-vdpau-3.0.16-1.5.ppc64le", product: { name: "vlc-vdpau-3.0.16-1.5.ppc64le", product_id: "vlc-vdpau-3.0.16-1.5.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.16-1.5.s390x", product: { name: "libvlc5-3.0.16-1.5.s390x", product_id: "libvlc5-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "libvlccore9-3.0.16-1.5.s390x", product: { name: "libvlccore9-3.0.16-1.5.s390x", product_id: "libvlccore9-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-3.0.16-1.5.s390x", product: { name: "vlc-3.0.16-1.5.s390x", product_id: "vlc-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.16-1.5.s390x", product: { name: "vlc-codec-gstreamer-3.0.16-1.5.s390x", product_id: "vlc-codec-gstreamer-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-devel-3.0.16-1.5.s390x", product: { name: "vlc-devel-3.0.16-1.5.s390x", product_id: "vlc-devel-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-jack-3.0.16-1.5.s390x", product: { name: "vlc-jack-3.0.16-1.5.s390x", product_id: "vlc-jack-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-lang-3.0.16-1.5.s390x", product: { name: "vlc-lang-3.0.16-1.5.s390x", product_id: "vlc-lang-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-noX-3.0.16-1.5.s390x", product: { name: "vlc-noX-3.0.16-1.5.s390x", product_id: "vlc-noX-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-opencv-3.0.16-1.5.s390x", product: { name: "vlc-opencv-3.0.16-1.5.s390x", product_id: "vlc-opencv-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-qt-3.0.16-1.5.s390x", product: { name: "vlc-qt-3.0.16-1.5.s390x", product_id: "vlc-qt-3.0.16-1.5.s390x", }, }, { category: "product_version", name: "vlc-vdpau-3.0.16-1.5.s390x", product: { name: "vlc-vdpau-3.0.16-1.5.s390x", product_id: "vlc-vdpau-3.0.16-1.5.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.16-1.5.x86_64", product: { name: "libvlc5-3.0.16-1.5.x86_64", product_id: "libvlc5-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "libvlccore9-3.0.16-1.5.x86_64", product: { name: "libvlccore9-3.0.16-1.5.x86_64", product_id: "libvlccore9-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-3.0.16-1.5.x86_64", product: { name: "vlc-3.0.16-1.5.x86_64", product_id: "vlc-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.16-1.5.x86_64", product: { name: "vlc-codec-gstreamer-3.0.16-1.5.x86_64", product_id: "vlc-codec-gstreamer-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-devel-3.0.16-1.5.x86_64", product: { name: "vlc-devel-3.0.16-1.5.x86_64", product_id: "vlc-devel-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-jack-3.0.16-1.5.x86_64", product: { name: "vlc-jack-3.0.16-1.5.x86_64", product_id: "vlc-jack-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-lang-3.0.16-1.5.x86_64", product: { name: "vlc-lang-3.0.16-1.5.x86_64", product_id: "vlc-lang-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-noX-3.0.16-1.5.x86_64", product: { name: "vlc-noX-3.0.16-1.5.x86_64", product_id: "vlc-noX-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-opencv-3.0.16-1.5.x86_64", product: { name: "vlc-opencv-3.0.16-1.5.x86_64", product_id: "vlc-opencv-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-qt-3.0.16-1.5.x86_64", product: { name: "vlc-qt-3.0.16-1.5.x86_64", product_id: "vlc-qt-3.0.16-1.5.x86_64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.16-1.5.x86_64", product: { name: "vlc-vdpau-3.0.16-1.5.x86_64", product_id: "vlc-vdpau-3.0.16-1.5.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", }, product_reference: "libvlc5-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", }, product_reference: "libvlc5-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", }, product_reference: "libvlc5-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", }, product_reference: "libvlc5-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", }, product_reference: "libvlccore9-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", }, product_reference: "libvlccore9-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", }, product_reference: "libvlccore9-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", }, product_reference: "libvlccore9-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", }, product_reference: "vlc-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", }, product_reference: "vlc-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", }, product_reference: "vlc-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", }, product_reference: "vlc-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", }, product_reference: "vlc-codec-gstreamer-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", }, product_reference: "vlc-codec-gstreamer-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", }, product_reference: "vlc-codec-gstreamer-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", }, product_reference: "vlc-codec-gstreamer-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", }, product_reference: "vlc-devel-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", }, product_reference: "vlc-devel-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", }, product_reference: "vlc-devel-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", }, product_reference: "vlc-devel-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", }, product_reference: "vlc-jack-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", }, product_reference: "vlc-jack-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", }, product_reference: "vlc-jack-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", }, product_reference: "vlc-jack-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", }, product_reference: "vlc-lang-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", }, product_reference: "vlc-lang-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", }, product_reference: "vlc-lang-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", }, product_reference: "vlc-lang-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", }, product_reference: "vlc-noX-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", }, product_reference: "vlc-noX-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", }, product_reference: "vlc-noX-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", }, product_reference: "vlc-noX-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", }, product_reference: "vlc-opencv-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", }, product_reference: "vlc-opencv-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", }, product_reference: "vlc-opencv-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", }, product_reference: "vlc-opencv-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", }, product_reference: "vlc-qt-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", }, product_reference: "vlc-qt-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", }, product_reference: "vlc-qt-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", }, product_reference: "vlc-qt-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.16-1.5.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", }, product_reference: "vlc-vdpau-3.0.16-1.5.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.16-1.5.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", }, product_reference: "vlc-vdpau-3.0.16-1.5.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.16-1.5.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", }, product_reference: "vlc-vdpau-3.0.16-1.5.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.16-1.5.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", }, product_reference: "vlc-vdpau-3.0.16-1.5.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2017-10699", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10699", }, ], notes: [ { category: "general", text: "avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10699", url: "https://www.suse.com/security/cve/CVE-2017-10699", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2017-10699", }, { cve: "CVE-2017-9300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-9300", }, ], notes: [ { category: "general", text: "plugins\\codec\\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-9300", url: "https://www.suse.com/security/cve/CVE-2017-9300", }, { category: "external", summary: "SUSE Bug 1041907 for CVE-2017-9300", url: "https://bugzilla.suse.com/1041907", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2017-9300", }, { cve: "CVE-2018-19857", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-19857", }, ], notes: [ { category: "general", text: "The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-19857", url: "https://www.suse.com/security/cve/CVE-2018-19857", }, { category: "external", summary: "SUSE Bug 1118586 for CVE-2018-19857", url: "https://bugzilla.suse.com/1118586", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-19857", }, { cve: "CVE-2019-13602", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-13602", }, ], notes: [ { category: "general", text: "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-13602", url: "https://www.suse.com/security/cve/CVE-2019-13602", }, { category: "external", summary: "SUSE Bug 1141522 for CVE-2019-13602", url: "https://bugzilla.suse.com/1141522", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-13602", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2019-13602", }, { cve: "CVE-2019-13962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-13962", }, ], notes: [ { category: "general", text: "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-13962", url: "https://www.suse.com/security/cve/CVE-2019-13962", }, { category: "external", summary: "SUSE Bug 1142161 for CVE-2019-13962", url: "https://bugzilla.suse.com/1142161", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-13962", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2019-13962", }, { cve: "CVE-2019-14437", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14437", }, ], notes: [ { category: "general", text: "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14437", url: "https://www.suse.com/security/cve/CVE-2019-14437", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14437", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14437", }, { cve: "CVE-2019-14498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14498", }, ], notes: [ { category: "general", text: "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14498", url: "https://www.suse.com/security/cve/CVE-2019-14498", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14498", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14498", }, { cve: "CVE-2019-14533", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14533", }, ], notes: [ { category: "general", text: "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14533", url: "https://www.suse.com/security/cve/CVE-2019-14533", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14533", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14533", }, { cve: "CVE-2019-14534", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14534", }, ], notes: [ { category: "general", text: "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14534", url: "https://www.suse.com/security/cve/CVE-2019-14534", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14534", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14534", }, { cve: "CVE-2019-14535", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14535", }, ], notes: [ { category: "general", text: "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14535", url: "https://www.suse.com/security/cve/CVE-2019-14535", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14535", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14535", }, { cve: "CVE-2019-14776", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14776", }, ], notes: [ { category: "general", text: "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14776", url: "https://www.suse.com/security/cve/CVE-2019-14776", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14776", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14776", }, { cve: "CVE-2019-14777", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14777", }, ], notes: [ { category: "general", text: "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14777", url: "https://www.suse.com/security/cve/CVE-2019-14777", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14777", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14777", }, { cve: "CVE-2019-14970", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-14970", }, ], notes: [ { category: "general", text: "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-14970", url: "https://www.suse.com/security/cve/CVE-2019-14970", }, { category: "external", summary: "SUSE Bug 1146428 for CVE-2019-14970", url: "https://bugzilla.suse.com/1146428", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-14970", }, { cve: "CVE-2019-5439", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5439", }, ], notes: [ { category: "general", text: "A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5439", url: "https://www.suse.com/security/cve/CVE-2019-5439", }, { category: "external", summary: "SUSE Bug 1138354 for CVE-2019-5439", url: "https://bugzilla.suse.com/1138354", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-5439", }, { cve: "CVE-2019-5460", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5460", }, ], notes: [ { category: "general", text: "Double Free in VLC versions <= 3.0.6 leads to a crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5460", url: "https://www.suse.com/security/cve/CVE-2019-5460", }, { category: "external", summary: "SUSE Bug 1143547 for CVE-2019-5460", url: "https://bugzilla.suse.com/1143547", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-5460", }, { cve: "CVE-2020-13428", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13428", }, ], notes: [ { category: "general", text: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13428", url: "https://www.suse.com/security/cve/CVE-2020-13428", }, { category: "external", summary: "SUSE Bug 1172727 for CVE-2020-13428", url: "https://bugzilla.suse.com/1172727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-13428", }, { cve: "CVE-2020-26664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26664", }, ], notes: [ { category: "general", text: "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26664", url: "https://www.suse.com/security/cve/CVE-2020-26664", }, { category: "external", summary: "SUSE Bug 1180755 for CVE-2020-26664", url: "https://bugzilla.suse.com/1180755", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlc5-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.s390x", "openSUSE Tumbleweed:libvlccore9-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-codec-gstreamer-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-devel-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-jack-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-lang-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-noX-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-opencv-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-qt-3.0.16-1.5.x86_64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.aarch64", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.ppc64le", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.s390x", "openSUSE Tumbleweed:vlc-vdpau-3.0.16-1.5.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-26664", }, ], }
opensuse-su-2021:0121-1
Vulnerability from csaf_opensuse
Published
2021-01-19 17:24
Modified
2021-01-19 17:24
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
Update to 3.0.11.1:
- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)
- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames
openSUSE-2021-121
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for vlc", title: "Title of the patch", }, { category: "description", text: "This update for vlc fixes the following issues:\n\nUpdate to 3.0.11.1:\n \n- CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)\n- CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.", title: "Description of the patch", }, { category: "details", text: "openSUSE-2021-121", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0121-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2021:0121-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IYGQU4F6PPW4XHK4LTESKSQ2CPHZS3QW/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2021:0121-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IYGQU4F6PPW4XHK4LTESKSQ2CPHZS3QW/", }, { category: "self", summary: "SUSE Bug 1133290", url: "https://bugzilla.suse.com/1133290", }, { category: "self", summary: "SUSE Bug 1172727", url: "https://bugzilla.suse.com/1172727", }, { category: "self", summary: "SUSE Bug 1180755", url: "https://bugzilla.suse.com/1180755", }, { category: "self", summary: "SUSE CVE CVE-2020-13428 page", url: "https://www.suse.com/security/cve/CVE-2020-13428/", }, { category: "self", summary: "SUSE CVE CVE-2020-26664 page", url: "https://www.suse.com/security/cve/CVE-2020-26664/", }, ], title: "Security update for vlc", tracking: { current_release_date: "2021-01-19T17:24:42Z", generator: { date: "2021-01-19T17:24:42Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2021:0121-1", initial_release_date: "2021-01-19T17:24:42Z", revision_history: [ { date: "2021-01-19T17:24:42Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "vlc-lang-3.0.11.1-bp151.5.12.1.noarch", product: { name: "vlc-lang-3.0.11.1-bp151.5.12.1.noarch", product_id: "vlc-lang-3.0.11.1-bp151.5.12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "libvlc5-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "libvlc5-3.0.11.1-bp151.5.12.1.x86_64", product_id: "libvlc5-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", product_id: "libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", }, }, { category: "product_version", name: "vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", product: { name: "vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", product_id: "vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP1", product: { name: "SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libvlc5-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "libvlc5-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "libvlccore9-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-devel-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-jack-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-lang-3.0.11.1-bp151.5.12.1.noarch as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", }, product_reference: "vlc-lang-3.0.11.1-bp151.5.12.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-noX-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-qt-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, { category: "default_component_of", full_product_name: { name: "vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64 as component of SUSE Package Hub 15 SP1", product_id: "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", }, product_reference: "vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13428", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13428", }, ], notes: [ { category: "general", text: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-13428", url: "https://www.suse.com/security/cve/CVE-2020-13428", }, { category: "external", summary: "SUSE Bug 1172727 for CVE-2020-13428", url: "https://bugzilla.suse.com/1172727", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-19T17:24:42Z", details: "important", }, ], title: "CVE-2020-13428", }, { cve: "CVE-2020-26664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-26664", }, ], notes: [ { category: "general", text: "A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-26664", url: "https://www.suse.com/security/cve/CVE-2020-26664", }, { category: "external", summary: "SUSE Bug 1180755 for CVE-2020-26664", url: "https://bugzilla.suse.com/1180755", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP1:libvlc5-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:libvlccore9-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-codec-gstreamer-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-devel-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-jack-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-lang-3.0.11.1-bp151.5.12.1.noarch", "SUSE Package Hub 15 SP1:vlc-noX-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-opencv-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-qt-3.0.11.1-bp151.5.12.1.x86_64", "SUSE Package Hub 15 SP1:vlc-vdpau-3.0.11.1-bp151.5.12.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2021-01-19T17:24:42Z", details: "important", }, ], title: "CVE-2020-26664", }, ], }
gsd-2020-13428
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
Aliases
Aliases
{ GSD: { alias: "CVE-2020-13428", description: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", id: "GSD-2020-13428", references: [ "https://www.suse.com/security/cve/CVE-2020-13428.html", "https://www.debian.org/security/2020/dsa-4704", "https://advisories.mageia.org/CVE-2020-13428.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2020-13428", ], details: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", id: "GSD-2020-13428", modified: "2023-12-13T01:21:46.971836Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13428", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", refsource: "MISC", url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { name: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", refsource: "MISC", url: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { name: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", refsource: "CONFIRM", url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { name: "DSA-4704", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4704", }, { name: "https://www.videolan.org/security/sb-vlc3011.html", refsource: "CONFIRM", url: "https://www.videolan.org/security/sb-vlc3011.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:iphone_os:*:*", cpe_name: [], versionEndExcluding: "3.0.11", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:macos:*:*", cpe_name: [], versionEndExcluding: "3.0.11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13428", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", refsource: "CONFIRM", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { name: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { name: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", refsource: "MISC", tags: [ "Patch", "Third Party Advisory", ], url: "http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { name: "DSA-4704", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4704", }, { name: "https://www.videolan.org/security/sb-vlc3011.html", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://www.videolan.org/security/sb-vlc3011.html", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, }, }, lastModifiedDate: "2023-03-03T02:45Z", publishedDate: "2020-06-08T19:15Z", }, }, }
WID-SEC-W-2023-1516
Vulnerability from csaf_certbund
Published
2020-06-08 22:00
Modified
2023-06-20 22:00
Summary
VLC: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
VLC Media Player ist ein Programm zur Wiedergabe von Multimedia-Dateien und Netzwerkstreams.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VLC ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- MacOS X
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "VLC Media Player ist ein Programm zur Wiedergabe von Multimedia-Dateien und Netzwerkstreams.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VLC ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- MacOS X\n- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1516 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-1516.json", }, { category: "self", summary: "WID-SEC-2023-1516 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1516", }, { category: "external", summary: "Ubuntu Security Notice USN-6180-1 vom 2023-06-21", url: "https://ubuntu.com/security/notices/USN-6180-1", }, { category: "external", summary: "VLC Release 3.0.11 vom 2020-06-04", url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { category: "external", summary: "National Vulnerability Database CVE-2020-13428 vom 2020-06-08", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13428", }, { category: "external", summary: "Debian Security Advisory DSA-4704 vom 2020-06-17", url: "https://www.debian.org/security/2020/dsa-4704", }, ], source_lang: "en-US", title: "VLC: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode", tracking: { current_release_date: "2023-06-20T22:00:00.000+00:00", generator: { date: "2024-08-15T17:52:49.205+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1516", initial_release_date: "2020-06-08T22:00:00.000+00:00", revision_history: [ { date: "2020-06-08T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-06-16T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-06-20T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Ubuntu aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source VLC iOS <= 3.2.8", product: { name: "Open Source VLC iOS <= 3.2.8", product_id: "T016693", product_identification_helper: { cpe: "cpe:/a:videolan:vlc_media_player:3.2.8::ios", }, }, }, { category: "product_name", name: "Open Source VLC macOS <= 3.0.10", product: { name: "Open Source VLC macOS <= 3.0.10", product_id: "T016694", product_identification_helper: { cpe: "cpe:/a:videolan:vlc_media_player:3.0.10::macos", }, }, }, ], category: "product_name", name: "VLC", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13428", notes: [ { category: "description", text: "In VLC für iOS und VLC für macOS existiert eine Schwachstelle aufgrund eines heap-basierten Pufferüberlaufs in der Funktion \"hxxx_AnnexB_to_xVC\" in [modules/packetizer/hxxx_nal.c]. Ein Angreifer kann eine speziell gestaltete Videodatei in H.264 Annex-B-Kodierung verwenden, um beliebigen Code auszuführen oder die Anwendung zum Absturz zu bringen. Für eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine bösartig gestaltete Videodatei zu öffnen.", }, ], product_status: { known_affected: [ "2951", "T000126", ], last_affected: [ "T016693", "T016694", ], }, release_date: "2020-06-08T22:00:00.000+00:00", title: "CVE-2020-13428", }, ], }
wid-sec-w-2023-1516
Vulnerability from csaf_certbund
Published
2020-06-08 22:00
Modified
2023-06-20 22:00
Summary
VLC: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
VLC Media Player ist ein Programm zur Wiedergabe von Multimedia-Dateien und Netzwerkstreams.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VLC ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- MacOS X
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "VLC Media Player ist ein Programm zur Wiedergabe von Multimedia-Dateien und Netzwerkstreams.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VLC ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen oder um einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- MacOS X\n- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1516 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-1516.json", }, { category: "self", summary: "WID-SEC-2023-1516 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1516", }, { category: "external", summary: "Ubuntu Security Notice USN-6180-1 vom 2023-06-21", url: "https://ubuntu.com/security/notices/USN-6180-1", }, { category: "external", summary: "VLC Release 3.0.11 vom 2020-06-04", url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { category: "external", summary: "National Vulnerability Database CVE-2020-13428 vom 2020-06-08", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13428", }, { category: "external", summary: "Debian Security Advisory DSA-4704 vom 2020-06-17", url: "https://www.debian.org/security/2020/dsa-4704", }, ], source_lang: "en-US", title: "VLC: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode", tracking: { current_release_date: "2023-06-20T22:00:00.000+00:00", generator: { date: "2024-08-15T17:52:49.205+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1516", initial_release_date: "2020-06-08T22:00:00.000+00:00", revision_history: [ { date: "2020-06-08T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2020-06-16T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-06-20T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Ubuntu aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_name", name: "Open Source VLC iOS <= 3.2.8", product: { name: "Open Source VLC iOS <= 3.2.8", product_id: "T016693", product_identification_helper: { cpe: "cpe:/a:videolan:vlc_media_player:3.2.8::ios", }, }, }, { category: "product_name", name: "Open Source VLC macOS <= 3.0.10", product: { name: "Open Source VLC macOS <= 3.0.10", product_id: "T016694", product_identification_helper: { cpe: "cpe:/a:videolan:vlc_media_player:3.0.10::macos", }, }, }, ], category: "product_name", name: "VLC", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13428", notes: [ { category: "description", text: "In VLC für iOS und VLC für macOS existiert eine Schwachstelle aufgrund eines heap-basierten Pufferüberlaufs in der Funktion \"hxxx_AnnexB_to_xVC\" in [modules/packetizer/hxxx_nal.c]. Ein Angreifer kann eine speziell gestaltete Videodatei in H.264 Annex-B-Kodierung verwenden, um beliebigen Code auszuführen oder die Anwendung zum Absturz zu bringen. Für eine erfolgreiche Ausnutzung muss der Angreifer einen Benutzer dazu bringen, eine bösartig gestaltete Videodatei zu öffnen.", }, ], product_status: { known_affected: [ "2951", "T000126", ], last_affected: [ "T016693", "T016694", ], }, release_date: "2020-06-08T22:00:00.000+00:00", title: "CVE-2020-13428", }, ], }
fkie_cve-2020-13428
Vulnerability from fkie_nvd
Published
2020-06-08 19:15
Modified
2024-11-21 05:01
Severity ?
Summary
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| videolan | vlc_media_player | * | |
| videolan | vlc_media_player | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:iphone_os:*:*", matchCriteriaId: "02E30712-5A58-4DA5-95B5-6336DA1754F2", versionEndExcluding: "3.0.11", vulnerable: true, }, { criteria: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:macos:*:*", matchCriteriaId: "472504D8-7E66-4B5E-B5FA-DCFC5D2D33FA", versionEndExcluding: "3.0.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.", }, { lang: "es", value: "Un desbordamiento del búfer en la región heap de la memoria en la función hxxx_AnnexB_to_xVC en el archivo modules/packetizer/hxxx_nal.c en el reproductor multimedia VideoLAN VLC en versines anteriores a la 3.0.11 para macOS/iOS permite a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) o ejecutar un código arbitrario a través de un archivo de vídeo H.264 Anexo-B elaborado (.avi por ejemplo)", }, ], id: "CVE-2020-13428", lastModified: "2024-11-21T05:01:14.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-08T19:15:10.580", references: [ { source: "cve@mitre.org", url: "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4704", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.videolan.org/security/sb-vlc3011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.videolan.org/?p=vlc/vlc-3.0.git%3Ba=commit%3Bh=d5c43c21c747ff30ed19fcca745dea3481c733e0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/videolan/vlc-3.0/releases/tag/3.0.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/videolan/vlc/commits/master/modules/packetizer/hxxx_nal.c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.videolan.org/security/sb-vlc3011.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.