Bug 1142161 - (CVE-2019-13962) VUL-1: CVE-2019-13962: vlc: lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Other
Version: Leap 42.3
Hardware: Other Other
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/237689/
Reported: 2019-07-19 08:41 UTC by Marcus Meissner
Modified: 2020-04-29 10:15 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2019-07-19 08:41:49 UTC
CVE-2019-13962

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player
through 3.0.7 has a heap-based buffer over-read because it does not properly
validate the width and height.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13962
http://www.cvedetails.com/cve/CVE-2019-13962/
https://trac.videolan.org/vlc/ticket/22240
http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
Comment 1 Swamp Workflow Management 2019-07-31 09:00:31 UTC
This is an autogenerated message for OBS integration:
This bug (1142161) was mentioned in
https://build.opensuse.org/request/show/719998 15.1 / vlc
https://build.opensuse.org/request/show/719999 15.0 / vlc
Comment 2 Swamp Workflow Management 2019-08-08 19:10:43 UTC
openSUSE-SU-2019:1840-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1118586,1138354,1138933,1141522,1142161,1143547,1143549
CVE References: CVE-2018-19857,CVE-2019-12874,CVE-2019-13602,CVE-2019-13962,CVE-2019-5439,CVE-2019-5459,CVE-2019-5460
Sources used:
openSUSE Leap 15.1 (src):    vlc-3.0.7.1-lp151.6.3.1
Comment 3 Swamp Workflow Management 2019-08-15 13:15:17 UTC
openSUSE-SU-2019:1897-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1118586,1138354,1138933,1141522,1142161,1143547,1143549
CVE References: CVE-2018-19857,CVE-2019-12874,CVE-2019-13602,CVE-2019-13962,CVE-2019-5439,CVE-2019-5459,CVE-2019-5460
Sources used:
openSUSE Backports SLE-15-SP1 (src):    vlc-3.0.7.1-bp151.5.3.3
Comment 4 Swamp Workflow Management 2019-08-15 13:20:14 UTC
openSUSE-SU-2019:1909-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1093732,1094893,1118586,1133290,1138354,1138933,1141522,1142161,1143547,1143549
CVE References: CVE-2018-19857,CVE-2019-12874,CVE-2019-13602,CVE-2019-13962,CVE-2019-5439,CVE-2019-5459,CVE-2019-5460
Sources used:
openSUSE Leap 15.0 (src):    libaom-1.0.0-lp150.2.1, vlc-3.0.7.1-lp150.8.1
Comment 5 Swamp Workflow Management 2019-08-26 19:11:45 UTC
openSUSE-SU-2019:2015-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1093732,1094893,1118586,1133290,1138354,1138933,1141522,1142161,1143547,1143549
CVE References: CVE-2018-19857,CVE-2019-12874,CVE-2019-13602,CVE-2019-13962,CVE-2019-5439,CVE-2019-5459,CVE-2019-5460
Sources used:
openSUSE Backports SLE-15 (src):    libaom-1.0.0-bp150.2.1, vlc-3.0.7.1-bp150.2.6.1
Comment 6 Dominique Leuenberger 2019-12-11 15:13:41 UTC
Update has been released
Comment 7 Swamp Workflow Management 2020-04-23 13:44:48 UTC
openSUSE-SU-2020:0545-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1142161,1146428
CVE References: CVE-2019-13602,CVE-2019-13962,CVE-2019-14437,CVE-2019-14438,CVE-2019-14498,CVE-2019-14533,CVE-2019-14534,CVE-2019-14535,CVE-2019-14776,CVE-2019-14777,CVE-2019-14778,CVE-2019-14970
Sources used:
openSUSE Leap 15.1 (src):    vlc-3.0.9.2-lp151.6.6.1
Comment 8 Swamp Workflow Management 2020-04-29 10:15:59 UTC
openSUSE-SU-2020:0562-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1142161,1146428
CVE References: CVE-2019-13602,CVE-2019-13962,CVE-2019-14437,CVE-2019-14438,CVE-2019-14498,CVE-2019-14533,CVE-2019-14534,CVE-2019-14535,CVE-2019-14776,CVE-2019-14777,CVE-2019-14778,CVE-2019-14970
Sources used:
openSUSE Backports SLE-15-SP1 (src):    vlc-3.0.9.2-bp151.5.6.1