opensuse-su-2020:0545-1
Vulnerability from csaf_opensuse
Published
2020-04-23 08:12
Modified
2020-04-23 08:12
Summary
Security update for vlc
Notes
Title of the patch
Security update for vlc
Description of the patch
This update for vlc fixes the following issues:
vlc was updated to version 3.0.9.2:
+ Misc: Properly bump the version in configure.ac.
Changes from version 3.0.9.1:
+ Misc: Fix VLSub returning 401 for search request.
Changes from version 3.0.9:
+ Core: Work around busy looping when playing an invalid item
through VLM.
+ Access:
* Multiple dvdread and dvdnav crash fixes
* Fixed DVD glitches on clip change
* Fixed dvdread commands/data sequence inversion in some cases causing
unwanted glitches
* Better handling of DVDs authored as corrupted
* Added libsmb2 support for SMB2/3 shares
+ Demux:
* Fix TTML entities not passed to decoder
* Fixed some WebVTT styling tags not being applied
* Misc raw H264/HEVC frame rate fixes
* Fix adaptive regression on TS format change (mostly HLS)
* Fixed MP4 regression with twos/sowt PCM audio
* Fixed some MP4 raw quicktime and ms-PCM audio
* Fixed MP4 interlacing handling
* Multiple adaptive stack (DASH/HLS/Smooth) fixes
* Enabled Live seeking for HLS
* Fixed seeking in some cases for HLS
* Improved Live playback for Smooth and DASH
* Fixed adaptive unwanted end of stream in some cases
* Faster adaptive start and new buffering control options
+ Packetizers:
* Fixes H264/HEVC incomplete draining in some cases
* packetizer_helper: Fix potential trailing junk on last packet
* Added missing drain in packetizers that was causing missing
last frame or audio
* Improved check to prevent fLAC synchronization drops
+ Decoder:
* avcodec: revector video decoder to fix incomplete drain
* spudec: implemented palette updates, fixing missing subtitles
on some DVD
* Fixed WebVTT CSS styling not being applied on Windows/macOS
* Fixed Hebrew teletext pages support in zvbi
* Fixed Dav1d aborting decoding on corrupted picture
* Extraction and display of all CEA708 subtitles
* Update libfaad to 2.9.1
* Add DXVA support for VP9 Profile 2 (10 bits)
* Mediacodec aspect ratio with Amazon devices
+ Audio output:
* Added support for iOS audiounit audio above 48KHz
* Added support for amem audio up to 384KHz
+ Video output:
* Fix for opengl glitches in some drivers
* Fix GMA950 opengl support on macOS
* YUV to RGB StretchRect fixes with NVIDIA drivers
* Use libplacebo new tone mapping desaturation algorithm
+ Text renderer:
* Fix crashes on macOS with SSA/ASS subtitles containing emoji
* Fixed unwanted growing background in Freetype rendering and Y padding
+ Mux: Fixed some YUV mappings
+ Service Discovery: Update libmicrodns to 0.1.2.
+ Misc:
* Update YouTube, SoundCloud and Vocaroo scripts: this restores
playback of YouTube URLs.
* Add missing .wpl & .zpl file associations on Windows
* Improved chromecast audio quality
Update to version 3.0.8 'vetinari':
+ Fix stuttering for low framerate videos
+ Improve adaptive streaming
+ Improve audio output for external audio devices on macOS/iOS
+ Fix hardware acceleration with Direct3D11 for some AMD drivers
+ Fix WebVTT subtitles rendering
+ Vetinari is a major release changing a lot in the media engine of VLC.
It is one of the largest releases we've ever done.
Notably, it:
- activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits,
allowing 4K60 or even 8K decoding with little CPU consumption,
- merges all the code from the mobile ports into the same codebase with
common numbering and releases,
- supports 360 video and 3D audio, and prepares for VR content,
- supports direct HDR and HDR tone-mapping,
- updates the audio passthrough for HD Audio codecs,
- allows browsing of local network drives like SMB, FTP, SFTP, NFS...
- stores the passwords securely,
- brings a new subtitle rendering engine, supporting ComplexTextLayout
and font fallback to support multiple languages and fonts,
- supports ChromeCast with the new renderer framework,
- adds support for numerous new formats and codecs, including WebVTT,
AV1, TTML, HQX, 708, Cineform, and many more,
- improves Bluray support with Java menus, aka BD-J,
- updates the macOS interface with major cleaning and improvements,
- supports HiDPI UI on Windows, with the switch to Qt5,
- prepares the experimental support for Wayland on Linux, and
switches to OpenGL by default on Linux.
+ Security fixes included:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Disable mod-plug for the time being: libmodplug 0.8.9 is not yet available.
- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some
image loading libraries (libpng, libjpeg, ...) which are either wrapped
by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).
Patchnames
openSUSE-2020-545
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vlc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vlc fixes the following issues:\n\nvlc was updated to version 3.0.9.2:\n\n+ Misc: Properly bump the version in configure.ac.\n\nChanges from version 3.0.9.1:\n\n+ Misc: Fix VLSub returning 401 for earch request.\n\nChanges from version 3.0.9:\n\n+ Core: Work around busy looping when playing an invalid item\n through VLM.\n+ Access:\n * Multiple dvdread and dvdnav crashs fixes\n * Fixed DVD glitches on clip change\n * Fixed dvdread commands/data sequence inversion in some cases causing\n unwanted glitches\n * Better handling of authored as corrupted DVD\n * Added libsmb2 support for SMB2/3 shares\n+ Demux:\n * Fix TTML entities not passed to decoder\n * Fixed some WebVTT styling tags being not applied\n * Misc raw H264/HEVC frame rate fixes\n * Fix adaptive regression on TS format change (mostly HLS)\n * Fixed MP4 regression with twos/sowt PCM audio\n * Fixed some MP4 raw quicktime and ms-PCM audio\n * Fixed MP4 interlacing handling\n * Multiple adaptive stack (DASH/HLS/Smooth) fixes\n * Enabled Live seeking for HLS\n * Fixed seeking in some cases for HLS\n * Improved Live playback for Smooth and DASH\n * Fixed adaptive unwanted end of stream in some cases\n * Faster adaptive start and new buffering control options\n+ Packetizers:\n * Fixes H264/HEVC incomplete draining in some cases\n * packetizer_helper: Fix potential trailing junk on last packet\n * Added missing drain in packetizers that was causing missing\n last frame or audio\n * Improved check to prevent fLAC synchronization drops\n+ Decoder:\n * avcodec: revector video decoder to fix incomplete drain\n * spudec: implemented palette updates, fixing missing subtitles\n on some DVD\n * Fixed WebVTT CSS styling not being applied on Windows/macOS\n * Fixed Hebrew teletext pages support in zvbi\n * Fixed Dav1d aborting decoding on corrupted picture\n * Extract and display of all CEA708 subtitles\n * Update libfaad to 2.9.1\n * Add DXVA support for VP9 Profile 2 (10 bits)\n * Mediacodec 
aspect ratio with Amazon devices\n+ Audio output:\n * Added support for iOS audiounit audio above 48KHz\n * Added support for amem audio up to 384KHz\n+ Video output:\n * Fix for opengl glitches in some drivers\n * Fix GMA950 opengl support on macOS\n * YUV to RGB StretchRect fixes with NVIDIA drivers\n * Use libpacebo new tone mapping desaturation algorithm\n+ Text renderer:\n * Fix crashes on macOS with SSA/ASS subtitles containing emoji\n * Fixed unwanted growing background in Freetype rendering and Y padding\n+ Mux: Fixed some YUV mappings\n+ Service Discovery: Update libmicrodns to 0.1.2.\n+ Misc:\n * Update YouTube, SoundCloud and Vocaroo scripts: this restores\n playback of YouTube URLs.\n * Add missing .wpl \u0026 .zpl file associations on Windows\n * Improved chromecast audio quality\n\nUpdate to version 3.0.8 \u0027vetinari\u0027:\n\n+ Fix stuttering for low framerate videos\n+ Improve adaptive streaming\n+ Improve audio output for external audio devices on macOS/iOS\n+ Fix hardware acceleration with Direct3D11 for some AMD drivers\n+ Fix WebVTT subtitles rendering\n+ Vetinari is a major release changing a lot in the media engine of VLC.\n It is one of the largest release we\u0027ve ever done.\n Notably, it:\n - activates hardware decoding on all platforms, of H.264 \u0026 H.265, 8 \u0026 10bits,\n allowing 4K60 or even 8K decoding with little CPU consumption,\n - merges all the code from the mobile ports into the same codebase with\n common numbering and releases,\n - supports 360 video and 3D audio, and prepares for VR content,\n - supports direct HDR and HDR tone-mapping,\n - updates the audio passthrough for HD Audio codecs,\n - allows browsing of local network drives like SMB, FTP, SFTP, NFS...\n - stores the passwords securely,\n - brings a new subtitle rendering engine, supporting ComplexTextLayout\n and font fallback to support multiple languages and fonts,\n - supports ChromeCast with the new renderer framework,\n - adds support for numerous new 
formats and codecs, including WebVTT,\n AV1, TTML, HQX, 708, Cineform, and many more,\n - improves Bluray support with Java menus, aka BD-J,\n - updates the macOS interface with major cleaning and improvements,\n - support HiDPI UI on Windows, with the switch to Qt5,\n - prepares the experimental support for Wayland on Linux, and\n switches to OpenGL by default on Linux.\n+ Security fixes included:\n * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)\n * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)\n * Fix a read buffer overflow in the FAAD decoder\n * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)\n * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)\n * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)\n * Fix a use after free in the ASF demuxer (CVE-2019-14533)\n * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)\n * Fix a null dereference in the dvdnav demuxer\n * Fix a null dereference in the ASF demuxer (CVE-2019-14534)\n * Fix a null dereference in the AVI demuxer\n * Fix a division by zero in the CAF demuxer (CVE-2019-14498)\n * Fix a division by zero in the ASF demuxer (CVE-2019-14535)\n- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available.\n\n- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some\n image loading libraries (libpng, libjpeg, ...) which are either wrapped\n by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-545",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0545-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0545-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SFHFURFW5IFIHSRDD3YMUC6GB232FD3U/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0545-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SFHFURFW5IFIHSRDD3YMUC6GB232FD3U/"
},
{
"category": "self",
"summary": "SUSE Bug 1142161",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "self",
"summary": "SUSE Bug 1146428",
"url": "https://bugzilla.suse.com/1146428"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13602 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13962 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14437 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14438 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14498 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14498/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14533 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14534 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14535 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14535/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14776 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14776/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14777 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14778 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14970 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14970/"
}
],
"title": "Security update for vlc",
"tracking": {
"current_release_date": "2020-04-23T08:12:41Z",
"generator": {
"date": "2020-04-23T08:12:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0545-1",
"initial_release_date": "2020-04-23T08:12:41Z",
"revision_history": [
{
"date": "2020-04-23T08:12:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"product": {
"name": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"product_id": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64",
"product": {
"name": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64",
"product_id": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch"
},
"product_reference": "vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
},
"product_reference": "vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13602"
}
],
"notes": [
{
"category": "general",
"text": "An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13602",
"url": "https://www.suse.com/security/cve/CVE-2019-13602"
},
{
"category": "external",
"summary": "SUSE Bug 1141522 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1141522"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13602",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2019-13602"
},
{
"cve": "CVE-2019-13962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13962"
}
],
"notes": [
{
"category": "general",
"text": "lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13962",
"url": "https://www.suse.com/security/cve/CVE-2019-13962"
},
{
"category": "external",
"summary": "SUSE Bug 1142161 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1142161"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-13962",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "critical"
}
],
"title": "CVE-2019-13962"
},
{
"cve": "CVE-2019-14437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14437"
}
],
"notes": [
{
"category": "general",
"text": "The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14437",
"url": "https://www.suse.com/security/cve/CVE-2019-14437"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14437",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14437"
},
{
"cve": "CVE-2019-14438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14438"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer over-read via a crafted .ogg file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14438",
"url": "https://www.suse.com/security/cve/CVE-2019-14438"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14438",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14438"
},
{
"cve": "CVE-2019-14498",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14498"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14498",
"url": "https://www.suse.com/security/cve/CVE-2019-14498"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14498",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14498"
},
{
"cve": "CVE-2019-14533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14533"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14533",
"url": "https://www.suse.com/security/cve/CVE-2019-14533"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14533",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14533"
},
{
"cve": "CVE-2019-14534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14534"
}
],
"notes": [
{
"category": "general",
"text": "In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14534",
"url": "https://www.suse.com/security/cve/CVE-2019-14534"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14534",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14534"
},
{
"cve": "CVE-2019-14535",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14535"
}
],
"notes": [
{
"category": "general",
"text": "A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14535",
"url": "https://www.suse.com/security/cve/CVE-2019-14535"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14535",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14535"
},
{
"cve": "CVE-2019-14776",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14776"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14776",
"url": "https://www.suse.com/security/cve/CVE-2019-14776"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14776",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14776"
},
{
"cve": "CVE-2019-14777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14777"
}
],
"notes": [
{
"category": "general",
"text": "The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14777",
"url": "https://www.suse.com/security/cve/CVE-2019-14777"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14777",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14777"
},
{
"cve": "CVE-2019-14778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14778"
}
],
"notes": [
{
"category": "general",
"text": "The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14778",
"url": "https://www.suse.com/security/cve/CVE-2019-14778"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14778",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14778"
},
{
"cve": "CVE-2019-14970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14970"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14970",
"url": "https://www.suse.com/security/cve/CVE-2019-14970"
},
{
"category": "external",
"summary": "SUSE Bug 1146428 for CVE-2019-14970",
"url": "https://bugzilla.suse.com/1146428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libvlc5-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:libvlccore9-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-devel-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-jack-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-lang-3.0.9.2-lp151.6.6.1.noarch",
"openSUSE Leap 15.1:vlc-noX-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-opencv-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-qt-3.0.9.2-lp151.6.6.1.x86_64",
"openSUSE Leap 15.1:vlc-vdpau-3.0.9.2-lp151.6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-23T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2019-14970"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.